Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft
- To: guninski@xxxxxxxxxxxx
- Subject: Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft
- From: mcbain@xxxxxxx
- Date: Tue, 12 Apr 2005 17:00:46 -0400
Did you notice in my email I said they "admit" it? There is no argument here
nor there.
The reason for this (from Redmond) is they cannot break computers that are out
there. Their tolerance has to be even below one percent, and even that is too
much and finally conceded with them on their points. Also, they do not "patch"
they find the root of the problem which adds more time. So you should be
seeing less workarounds of Microsoft patches.
This is where the market for those third party scanners are out there for 0day
or need to be picked up on by AVP's (which I must say have been doing better).
Mike
www.michaelevanchik.com
-----Original Message-----
From: Georgi Guninski <guninski@xxxxxxxxxxxx>
To: mcbain@xxxxxxx
Cc: tuytumadre@xxxxxxx; jasonc@xxxxxxxxxxx; full-disclosure@xxxxxxxxxxxxxxxxx
Sent: Tue, 12 Apr 2005 23:42:41 +0300
Subject: Re: [Full-disclosure] How to Report a Security Vulnerability to Microsoft
On Mon, Apr 11, 2005 at 01:55:00PM -0400, mcbain@xxxxxxx wrote:
> They do want you to communicate with them (or vendors) in a more
> responsible manner but at the same time totally admit to their "PR issue" and
> how they have handled bug finders in the past and internal security in the past
> and are changing. Their email in this thread is exactly the truth as it was
> written.
>
calculate the difference in the dates:
http://www.securityfocus.com/archive/1/395563/2005-04-09/2005-04-15/0
Microsoft MSHTA Script Execution Vulnerability
iDEFENSE Security Advisory 04.12.05
www.idefense.com/application/poi/display?id=231&type=vulnerabilities
April 12, 2005
VIII. DISCLOSURE TIMELINE
11/02/2004 Initial vendor notification
11/02/2004 Initial vendor response
04/12/2005 Coordinated public disclosure
http://www.securityfocus.com/archive/1/395562/2005-04-09/2005-04-15/0
VIII. DISCLOSURE TIMELINE
10/25/2004 Initial vendor notification
10/25/2004 Initial vendor response
04/12/2005 Coordinated public disclosure
http://www.securityfocus.com/archive/1/395559/2005-04-09/2005-04-15/0
VIII. DISCLOSURE TIMELINE
11/11/2004 Initial vendor notification
11/11/2004 Initial vendor response
04/12/2005 Coordinated public disclosure
--
where do you want bill gates to go today?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/