Security Fixes Priority Over Crashes?

I was very surprised that again, five months later, Microsoft Word 2007 stopped working on one of my computers after one of Vista's automatic update. I last experienced this very same bug on January 10, 2008. Exactly the same symptoms. Out of no where, Word will not open documents, text is not selectable and scroll bars don't work with the mouse, and Word crashes when you close it. Last January I fixed the problem indirectly by reinstalling Office, backing out the Vista updates, then reapplying the Vista updates. A helpful reader left a comment with a link to the culprit, Article ID 940791.

A bug that causes software to crash, become unusable, or corrupt data are typically classified with terms like "severity 1", "SEV 1", or "critical". Those are almost always the top bugs to get fixed. The other top priorities are security bugs, particularly those which are exploitable remotely and allow an intruder to gain control of the target computer. I have to believe that 940791 is more than just an occasional annoyance that only a few users have experienced. I've had it happen twice, months apart on two different computers, and there were a number of commenters on the Jan. 08 blog post who experienced the same problem.

Another Office product problem, reported to me by a long time business associate and friend Rex Humston, prevents Outlook 2007 clients from connecting to Exchange 2003 via RPC over HTTP. While it doesn't meet the classification of a SEV 1 bug, it's been discussed on the forums since May 2007 and viewed over 28,600 times. It's not stopping traffic bug, but I can understand why it's important to have bugs like this fixed.

So I have to ask myself, why haven't critical bugs like 940791 been fixed yet? I see three main possibilities; Are there other more serious Word bugs causing it to crash which appear more frequently? Does it take longer than six months to get out a fix for a SEV 1 Word or Vista bug? Or, are fixes to security bugs taking priority to application crashes?

Obviously, I don't have the answer since I'm not privy to decisions around priorities to fixes in Word and Vista. But I have to at least give the third option some strong consideration... security fixes taking priority over other software crashing bugs. I don't have any evidence, it's just a hunch. Microsoft's done a great job of improving the security of their software, especially by rebuilding Vista from the ground up. I frequently give Microsoft kudos for Vista's improved security. You to wonder though, are other priority issues taking a back seat to fixing and releasing security vulnerabilities.

Like this? Here are some of Mitchell's recent posts. HP Deal Embeds Sliverlight Trojan - Ready, Start, Slow!Microsoft Plays Windows 7 HardballMicrosoft MIA From Nortel SSA DealApple Drops Security Mantra, Bashes VistaiPhone Interface Comes to Windows 7 Product Reviews: Microsoft Live Mesh Google App Engine Xobni Outlook plugin

Rock Star jobs in SaaS: SaaS Jobs

Recent Converging Network Blog Posts: Get Ready For XaaS Everywhere Unbelievably Bad Web Password Security Back From Hiatus, Saved by Web 2.0 Technology It Takes a Village.. ah, actually, being there first and tons of hard work

Favorite Book Recommendations: The Big Switch Zero Day Attack Clear Blogging

Check out Mitchell's Converging On Microsoft Podcast. Current Podcast Episode: Security Mike Gets Serious About Security

Also visit Mitchell's personal blog The Converging Network and SSAATY Security Podcast.Visit Microsoft Subnet for more news, blogs, opinion from around the Web.Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)