Submission + - Critical .mdb flaw Found - Microsoft may Never fix (beskerming.com) 4
SkiifGeek writes: "When independent security researcher cocoruder found a critical bug with the JET engine, via the .mdb (Access) file format, he reported it to Microsoft, but Microsoft's response came as a surprise to him — it appears that Microsoft are not inclined to fix a critical arbitrary code execution vulnerability with a data technology that is at the heart of a large number of essential business and hobby applications.
Where should vendors be required to draw the line when supporting deprecated file formats and technology? In this case, leaving a serious vulnerability active in a deprecated technology could have serious effects if an exploit were to target it, but it is a matter of finding the right balance of security and usability such that Microsoft's users are not exposed to too great a danger for continuing to use Microsoft products."
Where should vendors be required to draw the line when supporting deprecated file formats and technology? In this case, leaving a serious vulnerability active in a deprecated technology could have serious effects if an exploit were to target it, but it is a matter of finding the right balance of security and usability such that Microsoft's users are not exposed to too great a danger for continuing to use Microsoft products."