The security threat posed by a particular bug in Windows is "Critical", but this is mitigated by the fact that: "The user must open a document sent to them by an attacker in order for this vulnerability to be exploited.", or "The Microsoft Access Snapshot Viewer is not installed with Microsoft Office by default. ", or "Any information disclosure would be completely random. "
Well that last one is certainly good to know. If my information is going to be disclosed I'd certainly prefer that it be my random information rather than my much more valuable, um, organized information.
I'm wondering if there are not a team of "Mitigation Specialists" at Microsoft charged with coming up with these things. I think this is something I could handle pretty well. I think I'll send them a resume.
Here is a sample of my work:
* User must have not only installed Windows and Office, but actually be using these products for any harm to, or exposer of user data to occur.
~*~ Small pets, farm animals, or other domesticated wildlife will not be harmed by the use of these products, even if human user fails to exercise due caution.
*# Extra-Terrestrial life-forms are completely safe even when in the same room as an operating Windows environment.
~~ Use of un-patched Outlook Express has been shown to have no effect on local precipitation nor earthquake activity. We will advise customers of an future change in this situation.
I really think I could come up with a lot of these. How about you? Do you have a future as a Microsoft Mitigation Specialist?