Hmm… Another Patch Tuesday Vulnerability Release
Sunday November 19, 2006 at 7:15 am CST
Posted by Karthik Raman
This week, Secunia and SecurityFocus published advisories on a Microsoft Windows Active Directory vulnerability. Reportedly, a remote attacker could deny service to vulnerable machines by exploiting this vulnerability.
Not much more is public about this flaw. Nonetheless, the flaw’s publication date is conspicuous: it was published on November 14, which coincides with Microsoft’s November Patch Tuesday.
I’ve called attention before to what may be a trend for vulnerability disclosure. Security researchers might be releasing Microsoft vulnerabilities on or just after a Patch Tuesday to maximize the vulnerabilities’ window of exposure. The November 14 Windows Active Directory vulnerability is yet another curve-fitter in this trend!
December 14th, 2006 at 2:53 pm
[…] Although one could argue that the December 12 release of a new Microsoft flaw was only a coincidence, it fits the trend of the disclosure of Microsoft vulnerabilities on or just after a Patch Tuesday. November’s trend-fitter, a vulnerability in Microsoft Active Directory, did not include a public proof-of-concept; this month’s trend-fitter, however, does have a public proof-of-concept. […]