Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Giving Exploit Writers Clues To Flaws

Posted by kdawson on Monday April 16, 2007 @01:42PM from the first-word-sounds-like dept.

In the IT trench writes "How's this for a new twist on the old responsible disclosure debate? Hackers are using clues from Microsoft's pre-patch security advisories to create and publish proof-of-concept exploits. The latest zero-day flaw in the Windows DNS Server RPC interface implementation is a perfect example of the tug-o-war within the Microsoft Security Response Center about how much information should be included in the pre-patch advisory."

1 of 63 comments (clear)

Min score:

Reason:

Sort:

There was already exploit code before the advisory by Anonymous Coward · 2007-04-16 14:12 · Score: 5, Informative

One could find exploit code to the DNS issue before the advisory was published. MSRC didn't reveal any more information than was already publicly known.