[Dominic Harr]

The FBI's National Infrastructure Protection Center said that, in addition to installing a free software fix offered by Microsoft on the company's Web site, consumers and corporations using Windows XP (news - web sites) should disable the product's ``universal plug and play'' features affected by the glitches.

Why does MS want people to leave this on so bad?

MS has known about the exploit for 5 weeks. They could have -- legally *should* have -- informed their customers of the product flaw 5 weeks ago and told customers to turn that 'feature' off.

Instead, MS just left customers hanging in the wind, vulnerable, for over a month while they continued to fraudulently sell XP. And MS has been selling a product they *knew* to be faulty, without informing consumers of the flaw.

[verboten]

Pardon me while I laugh at the notion of the FBI lecturing on security vulnerability. I guess they are grasping for credibility. But maybe this is much more sinister. Maybe the FBI was using the universal plug and play to install "rogue software" to spy on users. They've been drooling over such things prior to 9-11 but with more eagerness afterwards. Maybe Microsoft was strong armed into delaying the fix. After all, the government was just involved in trying to destroy the company. I'm sure Gates is much more eager to "play ball" with the government after they attacked his company.

[AAABEST]

The glitches were unusually serious because they allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.

Kind of gives a whole new meaning to the term "Univeral Plug and Play".

I'm sure they didn't expect it to be that "universal".

[Glenn]

legally *should* have

Can you cite this law, please?

[Amerigomag]

MS has known about the exploit for 5 weeks

Wrong!

MS has know about the potential for the problem since the design phase of W2k and ME, more than two years ago.

Steve Gibson tried to warn them in June 2001 but they wouldn't listen. A hacker finally got around to probing the know weakness this past summer. MS was notified some weeks ago.