Why Hasn’t Microsoft Fixed This 20 Year-Old Vulnerability? - Comments Page 1

Bob, you say Microsoft Outlook email, does that mean Windows Live Mail too?
Your advice is, as ever, timely and essential reading.

Bob - thank you for this very informative article, it really reinforces my decision to use Firefox, and Chrome as a backup.

You said that the Outlook program is also subject to this vulnerability. Does that mean that Outlook.com, accessed through Firefox or Chrome, is not?

thank you again.

I read the notice myself. It specifically stated the LEFT side of the brake pedal. However, you got it correct by writing "the big toe".

Every time I read something like this, I am happier that, several months ago, I switched to Linux Mint. It was easy to do and I can use Firefox, Chrome and Chromium. The Windows-only program I use can be run within Linux in a virtual Window. The only malware reported was when a systems manager, knowing he was about to be fired, left a parting gift.

Once you go Mac, you won't go back!

Big business fails again. This is normal for Microsoft.

Thanks Bob for your always on time information, even for an old bug like this.

This is the main reason I have walked away from Microsoft the most I can... and keep going further on each available opportunity. I don´t like their software attitude towards keeping bugs for selling new OS and keep old bugs alive.

I use Google Chrome and Mozilla Thunderbird for mail maanger, walked long time ago on Gmail and use Open Office for all spreadsheets, documents and presentations. All available for free and don´t chage menus on every update (no new learning curve for each update).

Still have to keep Microsoft OS, just because I have not made me the time for the learning curve for Linux. I hope will do in the future.

Thanks again for all your always useful information and tips, keep up your great work !

Almost unbelievable considering all the security patches they are constantly sending out. Would be interesting to find out why they don't close that hole.

Failing to patch a 20 year old vulnerability is simply unacceptable. Microsoft is dragging their name deeper into the mud.

Thank you, Bob, for another great article.

what I do NOT Understand, is that Microsoft Knows about this Problem and according to the article, has done NOTHING ABOUT IT! I Play World of Tanks almost Daily, and when a Player has a Problem in Playing the Game, he can E-Mail World of Tanks aka Wargaming and they WILL Provide the Player with a Solution within TWO DAYS at the most or Provide the Player with a List of Possible Solutions that very Day! And they have a Membership of 6,000,000 and Still Growing. So, I do not understand WHY Microsoft Has Not or Refuses to Correct the Problem. Thank God I have ''Mozilla''.PS; I have LibreOffice.

Paul, You fail to realize that correcting the bug requires man power and time. Yes it should have been corrected sooner but all the same, You have no idea how much time and effort it would take. Perhaps you should look at the code and see if you could fix it yourself before bashing developers?

Great article. I especially liked, "“We’re aware of this tendency of our brakes to fail, but if you press only the right-hand side of the brake pedal with only your big toe, you’ll be fine.”
I think it’s more likely the public would ensure its safety by buying someone else’s car."

I have always avoided Outlook, and am staying with 7 until it is impractical, at which point I will switch to Linux - so I am on my way to "buying someone else's car."

What finally did it for me was the unconscionable pressure and scams to force "upgrade" to 10. I have always waited a year or more to change to a new MSOS to avoid the rush of bugs...and I skipped from XP to 7 and stayed there. (I was just as happy with XP. That was a great OS, should have just been improved. No need for "new" ones that are not really new anyway. Just further additions to the basic byzantine architecture of the Microblather OS's.

Thanks for the information about the unresolved security problems. Microsoft is a weird bunch, and they finally have totally insulted my intelligence. No more microjunk for me.

JOhn (post just above mine): Why are you trying to offer a sugar coated excuse to MS for their inaction?

"You have no idea how much time and effort it would take. Perhaps you should look at the code and see if you could fix it yourself before bashing developers?"

That is nonsense. Microsoft is IN THE BUSINESS of creating and selling Operating Systems. They have NO excuse for not fixing the product they wrote from scratch in the first place.

Fixing a problem like this is BASIC to their business integrity and purpose, not some little thing that is just too hard to do.

This attitude, plus their scamming and dictatorial approach to clients is why I am dumping Microjunk and migrating to Linux.

As a former employee of Microsoft Tech support, I can explain this the way it would've been laughingly explained to me... "It's a feature, not a bug!" and, "Why fix it if there's a workaround?"

I never did trust logging in to a Microsoft account to access my own computer, therefore I've always used a local account.
And isn't it strange that Microsoft developed their highly-touted Edge browser to replace the (presumably) more insecure Internet Explorer, without fixing this known vulnerability?
So think twice before storing anything valuable on Microsoft OneDrive. Without a firm commitment to security, all of Microsoft's offerings are risky.

Whoa now, hold on buddy. Are you trying to tell me that people still use IE? Just kidding. I still have a couple of specific web sites that only work with IE. Somehow, even chrome's IE emulator won't work. That's the only time it is ever opened.

Maybe it's not fixed to make it snap-easy for microsoft to peruse a system at will? Backdoors come in all sizes and shapes.

The fix is simple - get a Mac!

Is browser Bing vulnerable to this XXE?

EDITOR'S NOTE: Bing is a web site, not a browser. So, no.

Apart from Windows 10 I am a Microsoft free zone. I use Chrome, EM Client have a gmail address and use Office Libre. The only reason I stick with Windows is that I'm too old or too lazy to change.