Microsoft knew of critical IE flaw used in Google attack 5 months ago
Microsoft's senior security officer Jerry Bryant had this to say: "Our investigation into this responsibly reported vulnerability began early September...We became aware of the recent attacks in mid January and as part of our investigation determined the vulnerability being used in these attacks was similar to the one investigated in September."
Apparently the official plan from Redmond was to patch the hole in a cumulative update this February -- a full six months after it was discovered. In the wake of the attacks, however, they were forced into action and released an out-of-band patch for IE.
What's your take on this news?
Six months seems like an extremely long time to make millions of customers wait for you to release a patch to a flaw which is considered to pose a severe risk.
Most of our users have already made the switch - maybe it's time for the rest of the world to look at an alternative browser.