So MS announces that they have a patch, for a zero day exploit, that is confirmed to have exploit code in the wild, with 50+ variations of the exploit and growing, that affects most versions of Windows, that results in arbitrary code execution on the victim machine, with user or system permissions.....
and they decide to HOLD the patch for 7 days?!
Why announce that they have the patch at all if they are not going to release it, or at least an early release version of it?!
Doesn't this simply serve as a LAST CALL to all the exploit writers?
So MS announces that they have a patch, for a zero day exploit, that is confirmed to have exploit code in the wild, with 50+ variations of the exploit and growing, that affects most versions of Windows, that results in arbitrary code execution on the victim machine, with user or system permissions.....
and they decide to HOLD the patch for 7 days?!
Why announce that they have the patch at all if they are not going to release it, or at least an early release version of it?!
Doesn't this simply serve as a LAST CALL to all the exploit writers?
cmkaiser
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/newsbriefs/93/412#412