Microsoft Vulnerability Research/Advisories.

[Ceyfer √]

Microsoft Vulnerability Research (MSVR) is a program specifically designed to help improve the security ecosystem as a whole. Our goal is to share our collective experience in dealing with security vulnerabilities with the greater security community and by doing so foster positive change.

MSVR Advisories

Beginning in April 2011 the MSVR program began issuing MSVR Advisories detailing software vulnerabilities that Microsoft had privately disclosed to third-party vendors. Microsoft will never reveal vulnerability details before a vendor-supplied update is available for issues reported though the MSVR program unless there is significant evidence of active attacks in the wild. If attacks begin before the vendor has released their remediation, Microsoft will continue to coordinate to release consistent mitigation and workaround guidance with the vendor. This cooperative approach ensures that affected customers understand their risk and what to do to mitigate that risk, without revealing details with which attackers can use to commit cybercrime.

Latest Advisories:
-Use-After-Free Object Lifetime Vulnerability in Chrome Could Allow Sandboxed Remote Code Execution.
http://www.microsoft.com/technet/security/advisory/msvr11-001.mspx

-HTML5 Implementation in Chrome and Opera Could Allow Information Disclosure.
http://www.microsoft.com/technet/security/advisory/msvr11-002.mspx

[Bearcat]

Thanks for the interesting read Ceyfer. Your efforts are always appreciated!

[jj1two3]

Thanks ceyfer very interesting. Good work.

[JayCub]

"Microsoft will never reveal vulnerability details before a vendor-supplied update is available for issues reported though the MSVR program unless there is significant evidence of active attacks in the wild."

Interesting as always Ceyfer, it's just amazing that if there is a vunerability with Windows it's all over the net before MS can issue a fix or reply.

[Bearcat]

it's just amazing that if there is a vunerability with Windows it's all over the net before MS can issue a fix or reply

True and it must drive them crazy!

[INDRANIL]

Thanks for the heads up Ceyfer . Let's see .

[leofelix]

LOL
nice implementation and very tactful move from Microsoft:- P

[Ceyfer √]

Interesting as always Ceyfer, it's just amazing that if there is a vunerability with Windows it's all over the net before MS can issue a fix or reply.

Drawing upon our years of experience, we have seen that disclosing vulnerability details and/or exploits before a vendor has a chance to address the issue amplifies the risk of attacks.

That's the problem with most third party vulnerability sniffers out there, they are so obsessed with Windows faulty ecosystem, murders it and gains a lot of profit from it, but they didn't really care about protecting the user in the process, do they really care?. Well, it's a bit late but indeed a rewarding initiative. Coordination and collaboration is a definite option in this very noisy atmosphere.