The problem with that is, sometimes a patch can cause other problems (i.e. breaking other software, corrupting databases, rather soundly screwing up user account, and the list goes on). It's best to be sure you aren't creating more problems before releasing the patch. Sometimes the additional problems can be more damaging than the original attack (simply because techs download the patch whether they have been attacked or not, so the effect of the patch is more widespread than the initial attack in most cases, thank God for that this time).

When I first heard of this vuln I thought the internet was going to see a "end of the world" situation. Just imagine if someone had used this to attack the server google uses to store it's images? Can you imagine how many people would have been effected if the main image on google had been replaced by a black hat created image?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/11368/32959#32959