Could Early Release of Patches Have Averted China Incidents?
Soon after announcing the release of a patch for Internet Explorer the other day, Microsoft conceded that it had known about the defect for quite some time. Redmond revealed that it had investigated and found that the vulnerability was exactly the same as the one reported to it and verified last September. We now wonder whether Microsoft could have averted the Chinese incidents affecting thirty-three businesses by making patches for Internet Explorer available faster. We contacted security experts on this issue, and they are of the view that the incidents could not have been averted.

One expert said that when the vulnerability was reported last December, there were no identified exploits, so Microsoft chose to schedule the release of the patch for February, the next security announcement date. However, the exploitation happened before the patch was released. Looked at impartially, Microsoft encounters a number of vulnerabilities, and no one can know in advance which one will be susceptible to exploitation. To sum up, Microsoft, as usual, developed the fix without informing the public until it became vital to issue a warning.
Another expert is of the view that Microsoft takes an unusually long time to come up with a fix. According to the information he had, Microsoft was aware of the flaw in early September and had been working on a fix for over four months, which exceeds the normal three months it anticipates for serious updates. He said he had no idea when the attack took place, but feels that an earlier release of the fix would have foiled this specific intrusion.

He further opined that organizations seldom follow a time schedule for their fixes. Though he is in the dark about Google’s vital patches, it cannot be ruled out that Google too is lagging behind on critical fixes.
We have a feeling that Internet Explorer could not have been the only vector employed. Another expert concurs and says that thirty-three strategic companies were hit with the obvious backing of the state. It is pointless to think that all these companies had only the IE vulnerability. According to him, the fascinating part is discovering the person or persons behind the attack and the reason for it, not the way it was done.
Now, we do not agree with the last bit. Companies the world over are more interested in knowing how it is done than in pondering who the attacker is, so that sensitive data can be protected.


