Advice Request Definition of a Security Vulnerability (by Microsoft)

Please provide comments and solutions that are helpful to the author of this topic.

Definition of a Security Vulnerability by Microsoft. Do you know it?

  • Total voters
    24
Status
Not open for further replies.
5

509322

Thread author
Andy Ful said:
I know what you mean, and I have some practice (15 years) in using/interpreting laws.
That is why I said that this definition is a lawyer precaution.
I do not think that MSRC definition of vulnerability will be important for Microsoft when patching Windows. The Microsoft Computer Guys know better what the real vulnerability is.
Click to expand...

Microsoft has deep pockets, and therefore, an army of lawyers to defend them against even an alien invasion...

Instead of an alien invasion, Microsoft would manage to buy all the alien technology rights and become the first trillion-dollar company...
 
  • Like
Reactions: Andy Ful
jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Lockdown said:
The publisher bears no responsibility and makes no representation of merchantability. The soft is offered "As-Is," the licensee uses the soft at their own peril, and the user is responsible for anything that happens on their system.
Click to expand...

Yes that is technically correct on the side, but if certain issues occurred where none of the culprits included; then the developers must implement immediate solution to the affected users.

Microsoft botch updates is more alarming than security updates, caused every time few of users suffered inconvenience.
 
  • Like
Reactions: frogboy, Handsome Recluse and Andy Ful
Exterminator

Exterminator

Level 85
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
Lockdown said:
LOL... read any software EULA. The publisher bears no responsibility and makes no representation of merchantability. The soft is offered "As-Is," the licensee uses the soft at their own peril, and the user is responsible for anything that happens on their system. If it weren't that way, then there would be no software industry because the industry would have been plowed-under decades ago from lawsuits.

Even without that definition, the Windows EULA covers Microsoft. It's true... read the Windows EULA.
Click to expand...
Oh I totally understand this and I am more than aware of the law and the ramifications of lawsuits both frivolous and valid.
However to play devils advocate for a moment,it does not make it right based on the threat of lawsuits.
I just find Microsoft's definition of a "security vulnerability" rather amusing and would like to see their definition of "strong arm tactics" :D
I wonder if a forced botched cumulative update that torques poor Grandpa Joe's PC falls under Microsoft's "security vulnerability" definition umbrella/EULA. A rhetorical statement of course.
I think some might have a different definition of a security vulnerability EULA or not.
Unfortunately,as you said,all software EULA's are much the same and whenever you click I agree for all intents and purposes you are entering into a contract with that company.
 
  • Like
Reactions: Winter Soldier, Andy Ful, Deleted member 178 and 1 other person
5

509322

Thread author
Exterminator said:
I just find Microsoft's definition of a "security vulnerability" rather amusing and would like to see their definition of "strong arm tactics" :D
Click to expand...

Microsoft is King.

It's good to be King.

Because Microsoft is KIng, Microsoft does "stuff" to OEMs, partners and developers too.

Nobody ever really likes the King - human or otherwise.
 
  • Like
Reactions: harlan4096 and Andy Ful
Winter Soldier

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Well, I remember when a few years ago Joanna Rutkowska discovered a "very critical" flaw in Windows Vista UAC. As reported on her blog, the flaw was in the mechanism by which the UAC assumes that all programs are able to acquire administrative privileges.

This happened because Vista used a compatibility database and several methods to recognize the installer, and every time the OS detected an executable was a setup program, allowed it to work with administrative privileges.

So according to Rutkowska this issue of the UAC was a serious flaw, very serious.

Microsoft responded to the researcher through Mark Russinovich, who explained: yes the UAC has some weaknesses, but they are a "design choices" and not a "vulnerability".

Then to get an acceptable compromise between usability and security, Microsoft left the side uncovered.

:D
 
  • Like
Reactions: frogboy, Andy Ful and Handsome Recluse
Status
Not open for further replies.

Similar threads

K
    • Like
    • +Reputation
Security News Microsoft Confirms Critical Windows Defender Security Vulnerability
Replies
3
Views
401
Security News
TairikuOkami
TairikuOkami
oldschool
    • Like
    • Wow
    • +Reputation
Security News Google Researchers Claim First Vulnerability Found Using AI
Replies
0
Views
390
Security News
oldschool
oldschool
enaph
    • Like
    • Applause
Security News RCE Vulnerability in qBittorrent’s SSL Handling Patched After 14 Years
Replies
0
Views
791
Security News
enaph
enaph

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top