13 July, 2009 09:45 AM IST | Balaji Narasimhan
Though the company knew of a critical bug over a year ago, it didn't take active steps to fix it
Many large companies tend to occasionally fall flat on their faces and become a source of amusement to their competitors, but when the issue is one of security, then nobody can laugh. And Microsoft's recent snafu is a case in point.
According to reports that have appeared in international publications like https://www.theregister.co.uk/, computerworld.com and darkreading.com among others, though Microsoft was made aware of a flaw behind a widespread IE bug, the company has done precious little about it.
Inform us
In this day and age, when bugs are exploited by hackers extremely quickly, it is unacceptable for a company like Microsoft, which has vast resources at its disposal, to cause such a delay.
In fact, John Pescatore, Gartner's primary security analyst, said in an article that appeared on computerworld.com, "That's just not an acceptable timeframe."
Microsoft typically releases its security patches on Patch Tuesday, the second Tuesday of each month. On that day it sends out bug fixes to all computers that use auto update to patch themselves.
Slow and unsteady
According to theregister.co.uk, Microsoft was alerted about this flaw around April or May of 2008. This means that over a dozen Patch Tuesdays have come and gone, and Microsoft has not done anything about it.
Many users, faced with this attitude, may want to give up on IE and choose an alternative. In fact, it looks like this is already happening. According to statcounter.com, in 2008 IE had over 67 per cent market share, while Firefox had just over 25 per cent. This year (that is, the first 190 days of 2009), IE has slipped below 63 per cent, while Firefox has risen above 29 per cent.
India angle
In India too, Firefox is gaining ground. In 2008, the figures for IE and Firefox stood at 63 per cent and 27 per cent respectively. For 2009, IE stands at 59 per cent and Firefox at 30 per cent.
Firefox seems to be doing extremely well in Europe and its 38 per cent market share compares extremely well with IE's 48 per cent. And if Microsoft keeps taking its own sweet time with critical updates, then the day is not far when Firefox will have more market share than IE worldwide.
Vulnerability details
According to Microsoft Security Advisory (972890), Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention.
QUICK TAKE
>>Microsoft is taking a long time to patch critical bugs
>>A bad example is a bug that has remained unpatched for over a year
>>If this continues, IE will lose and Firefox will gain