Microsoft admits it knew about, didn’t patch, bugs

Microsoft Corp.’s security team today acknowledged that it knew of bugs in its Jet Database Engine as far back as 2005 but did not patch the problems because it thought it had blocked the obvious attack vectors.

A researcher at Symantec Corp. said Microsoft should have fixed the flaws years ago.

In a post to the Microsoft Security Research Center (MSRC) blog late Monday afternoon, Mike Reavey, the MSRC’s operations manager, admitted that outside researchers had notified Microsoft in 2005 and 2007 of separate bugs in Jet, a Windows component that provides data access to applications such as Microsoft Access and Visual Basic.

More at http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=windows&articleId=9071660&taxonomyId=125&intsrc=kc_top

Leave a Reply