Sorry, but Microsoft has a point. Simply releasing info about a security breach before a fix has been found is irresponsible. There ought to be a "decent interval" between the discovery of the breach and its public revelation. I think a month is about right. The discoverer should first notify the software maker, then promise to hold off for at least a month before announcing the problem. This strikes me as a reasonable compromise that protects the public's right to know about the problem, but also minimizes the risk that the problem will be exploited by some scummy computer vandal.
On the flip side though, a couple of years ago I think, did not some third party announce a flaw and state that they tried to tell MS about it but were being ignored?
Keep in mind that this is coming from a user that has spent at least 4 hours so far - holiday time - cleaning up my kids computer.
Oh, the irony!
LVM
"There ought to be a "decent interval" between the discovery of the breach and its public revelation."
Go back and read the story. You have your facts all wrong.
A tool found the crash and the guy asked for help in determining why. Someone else found the actual problem. It was a collaborative discovery. Neither person alone found or published the exploit. It was readily replicatable every time you pointed this tool at a Microsoft browser.
Microsoft STILL has not published a fix.
Had this been Mozilla, or Opera, or Konqueror browser, the fix would be in WIDE distribution already.