This bug has been talked about to death, and the official patch has been released. Anyway, here’s a bit of a time line of relevant events.
- Microsoft announces the vulnerability
- Arbor Networks sees it being exploited in the wild
- A proof of concept exploit was posted to Full Disclosure
- Third party patches are released… then debated
- Microsoft releases the official patch, going off the usual Patch Tuesday schedule
- H D Moore announces two new Metasploit modules for this vulnerability
There you have it, I’ve documented a little part of Microsoft security history… Maybe I’ll come back to read these links years from now, and realize how far we’ve come – or how things have gotten much worse. Who knows!
