Advice Request Definition of a Security Vulnerability (by Microsoft)

Please provide comments and solutions that are helpful to the author of this topic.

Definition of a Security Vulnerability by Microsoft. Do you know it?


  • Total voters
    24
Status
Not open for further replies.
5

509322

Thread author
I know what you mean, and I have some practice (15 years) in using/interpreting laws.
That is why I said that this definition is a lawyer precaution.
I do not think that MSRC definition of vulnerability will be important for Microsoft when patching Windows. The Microsoft Computer Guys know better what the real vulnerability is.

Microsoft has deep pockets, and therefore, an army of lawyers to defend them against even an alien invasion...

Instead of an alien invasion, Microsoft would manage to buy all the alien technology rights and become the first trillion-dollar company...
 
  • Like
Reactions: Andy Ful

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
The publisher bears no responsibility and makes no representation of merchantability. The soft is offered "As-Is," the licensee uses the soft at their own peril, and the user is responsible for anything that happens on their system.

Yes that is technically correct on the side, but if certain issues occurred where none of the culprits included; then the developers must implement immediate solution to the affected users.

Microsoft botch updates is more alarming than security updates, caused every time few of users suffered inconvenience.
 

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
LOL... read any software EULA. The publisher bears no responsibility and makes no representation of merchantability. The soft is offered "As-Is," the licensee uses the soft at their own peril, and the user is responsible for anything that happens on their system. If it weren't that way, then there would be no software industry because the industry would have been plowed-under decades ago from lawsuits.

Even without that definition, the Windows EULA covers Microsoft. It's true... read the Windows EULA.
Oh I totally understand this and I am more than aware of the law and the ramifications of lawsuits both frivolous and valid.
However to play devils advocate for a moment,it does not make it right based on the threat of lawsuits.
I just find Microsoft's definition of a "security vulnerability" rather amusing and would like to see their definition of "strong arm tactics" :D
I wonder if a forced botched cumulative update that torques poor Grandpa Joe's PC falls under Microsoft's "security vulnerability" definition umbrella/EULA. A rhetorical statement of course.
I think some might have a different definition of a security vulnerability EULA or not.
Unfortunately,as you said,all software EULA's are much the same and whenever you click I agree for all intents and purposes you are entering into a contract with that company.
 
5

509322

Thread author
I just find Microsoft's definition of a "security vulnerability" rather amusing and would like to see their definition of "strong arm tactics" :D

Microsoft is King.

It's good to be King.

Because Microsoft is KIng, Microsoft does "stuff" to OEMs, partners and developers too.

Nobody ever really likes the King - human or otherwise.
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Well, I remember when a few years ago Joanna Rutkowska discovered a "very critical" flaw in Windows Vista UAC. As reported on her blog, the flaw was in the mechanism by which the UAC assumes that all programs are able to acquire administrative privileges.

This happened because Vista used a compatibility database and several methods to recognize the installer, and every time the OS detected an executable was a setup program, allowed it to work with administrative privileges.

So according to Rutkowska this issue of the UAC was a serious flaw, very serious.

Microsoft responded to the researcher through Mark Russinovich, who explained: yes the UAC has some weaknesses, but they are a "design choices" and not a "vulnerability".

Then to get an acceptable compromise between usability and security, Microsoft left the side uncovered.

:D
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top