Re: Microsoft Warns of New Windows Flaw (March 19, 2003)

From: Bill Blanton (bblanton@REMOVEmagicnet.net)
Date: 03/22/03


From: "Bill Blanton" <bblanton@REMOVEmagicnet.net>
Date: Sat, 22 Mar 2003 19:47:17 GMT


"FromTheRafters" <!0000@nomad.fake> wrote in message news:v7l4bg6f0sg638@corp.supernews.com...

> > In a fit of excitement on Thu, 20 Mar 2003 16:37:40 GMT, The Other
> > Guy <nospam@this.addy> managed to scribble:
> >
> > > http://www.eweek.com/article2/0,3959,941455,00.asp
> > > March 19, 2003
> > > Microsoft Warns of New Windows Flaw
> > >
> > > Microsoft Corp. has released a patch for a critical vulnerability
> > > in every version of Windows from 98 forward.
> > > The flaw lies in the Windows Script Engine for Jscript, which
> > > enables the operating system to execute script code.

> It seems they don't take it seriously until someone shoves a written
> exploit code in their face. Is that what happened here?

According to http://marc.theaimsgroup.com/?l=bugtraq&m=104812108307645&w=2
they were made aware in July of '02 and again in Jan '03.
It took some 8 months from the original contact, and 2 months from the
more "official contact" (and by the looks of it..some pestering) to release
the patch.

<quote>

VIII. DISCLOSURE TIMELINE

07/07/2002 Microsoft initially notified
12/07/2002 Issue disclosed to iDEFENSE
01/09/2003 iDEFENSE notification sent to Microsoft (secure@microsoft.com)
01/10/2003 Response received from secure@microsoft.com
01/10/2003 iDEFENSE clients notified
01/11/2003 to 03/18/2003 No less than eight e-mails requesting status reports on patch status
03/19/2003 Public disclosure

IX. CREDIT

Roland Postle ( [snip] ) discovered this vulnerability.

</quote>

references:
http://www.microsoft.com/technet/security/bulletin/ms03-008.asp
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0010


