Friday, October 01, 2004

Distribution and Vulnerabilities

An interesting article that covers what developers need to do as a result of the GDI+ exploit recently announced by Microsoft.

This exploit appears to be different from previous exploits because it touches a piece of code that is both 1) redistributable by a developer and 2) written for a platform that supports side-by-side execution of DLLs. The overall effect is that developers are going to have to get more involved in making sure their applications are up to date and patched against this vulnerability.

It's not quite the same as when IE or WinXP has a vulnerability that must be patched. Depending on what major applications use this package, and how they use it, we could see other exploits beyond the ones targeting Internet Explorer or Outlook.
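Because each application can ship its own copy of the GDI+ library (`gdiplus.dll`), patching means finding every copy on disk, not only the system one. The sketch below is an added example, not code from the article or from Microsoft: it walks a directory tree, reads each copy's file version with a simple signature-search heuristic, and flags copies below a minimum version. The minimum version, folder names and DLL contents in `demo()` are constructed placeholders; take the real fixed version from the vendor bulletin.

```python
import os
import struct
import tempfile

SIG = struct.pack("<I", 0xFEEF04BD)  # VS_FIXEDFILEINFO.dwSignature

def file_version(path):
    """Heuristic: read the version from the first VS_FIXEDFILEINFO in the file."""
    with open(path, "rb") as fh:
        data = fh.read()
    pos = data.find(SIG)
    if pos < 0 or pos + 16 > len(data):
        return None  # no version resource found
    # dwFileVersionMS / dwFileVersionLS follow dwSignature and dwStrucVersion
    ms, ls = struct.unpack_from("<II", data, pos + 8)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)

def find_copies(root, minimum, name="gdiplus.dll"):
    """Return {relative path: (version, status)} for every copy of the DLL under root."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() != name:  # Windows file names are case-insensitive
                continue
            path = os.path.join(dirpath, fname)
            ver = file_version(path)
            # "unknown" means no version data: inspect that copy by hand
            status = "unknown" if ver is None else ("outdated" if ver < minimum else "ok")
            found[os.path.relpath(path, root).replace(os.sep, "/")] = (ver, status)
    return found

def _write_fake_dll(path, version):
    """Constructed stand-in for a DLL: padding plus a VS_FIXEDFILEINFO header."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    ms, ls = (version[0] << 16) | version[1], (version[2] << 16) | version[3]
    with open(path, "wb") as fh:
        fh.write(b"MZ" + b"\0" * 62 + SIG + struct.pack("<III", 0x00010000, ms, ls))

def demo():
    # Two constructed application folders, each shipping its own private copy.
    with tempfile.TemporaryDirectory() as root:
        _write_fake_dll(os.path.join(root, "AppA", "gdiplus.dll"), (1, 0, 0, 0))
        _write_fake_dll(os.path.join(root, "AppB", "bin", "GdiPlus.dll"), (2, 0, 0, 0))
        return find_copies(root, minimum=(2, 0, 0, 0))  # placeholder threshold

if __name__ == "__main__":
    for rel, (ver, status) in sorted(demo().items()):
        print(rel, ver, status)
```

On a real machine, point `find_copies` at the application install roots and treat every "outdated" or "unknown" hit as an application whose vendor or build needs to supply an updated copy.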

