Friday, April 13, 2007

Microsoft Bugs vs Features

I've been watching the developments of the "Word 2007" doc bugs fiasco. It seems like Microsoft are calling these crashes "features" rather than bugs.

I'm not sure if this is the result of IT security media contorting the information they receive and presenting it in a provocative way, or if Microsoft are really trying to blow off these bugs as part of their application design.

To make things clear - the bugs that I released are proofs of concept which cause denial of service. In their current state, they do not present a real threat to Word 2007 users. However, having an application crash or consume 100% CPU on a machine due to malformed user input is probably the most classical description of a software bug.

It also seems that there is no mention of the HLP heap overflow, which probably presents more danger than all 3 doc bugs combined.