Microsoft First Notified Of .ANI Bug In December

Microsoft was first alerted to the .ANI vulnerability back in December, but a patch for it didn't come before exploits began hitting the wild last week.

Mark Miller, director of the Microsoft Security Response Center, said in an interview Monday with InformationWeek that the company needed the three-plus months to work on building and testing a good patch. Since the exploit hit last week, he said slightly less than 100 Microsoft technicians have been working "around the clock" to ready the patch.

A security researcher at Determina, a security company based in Redwood City, Calif., reported the vulnerability to Microsoft on Dec. 20, according to Miller. Microsoft First Notified Of .ANI Bug In December -- Windows security -- InformationWeek

Linked by shanmuga Tuesday, 10th April 2007 1:36AM