Wall Street Journal: Microsoft says it cannot wall off its OS due to a 2009 deal with the EC to give security software makers the same level of access to Windows that Microsoft gets  —  Global outage on Windows machines caused by CrowdStrike highlights Microsoft’s security challenges

    • OppositeOfOxymoron@infosec.pub
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      1
      ·
      3 months ago

      The whole point to Endpoint Protection is to quickly and easily send updates to block currently exploited vulnerabilities to the systems most likely to be affected. Adding a delay for in-house QA testing (and the associated costs) doesn’t make any sense.

    • svieg@slrpnk.net
      link
      fedilink
      English
      arrow-up
      3
      ·
      3 months ago

      I think it’s very unrealistic to expect all sysadmins to spot uninitialized memory access in all software they don’t produce. This calls for independent software testing at scale which is more elaborate than just pushing the responsibility to sysadmins.