Why MS11-100 was Out Of Band

: @orinthomas

According to the recent OOB Bulletin Q&A and Webcast, MS11-100 was pushed out because exploiting the vulnerability in a denial of service attack was relatively straightforward once details of the vulnerability were made public. MS11-100 does not address a vulnerability that could be used to directly trigger a remote code exploit. MS11-100 also fixes an elevation of privilege vulnerability and a spoofing vulnerability that were otherwise going to be address in January’s patch Tuesday.


You can catch the entirety of the webcast with Pete Voss and Jonathan Ness here at: http://blogs.technet.com/b/msrc/archive/2011/12/30/december-2011-out-of-band-bulletin-release-q-amp-a-and-webcast.aspx

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish