|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Hidden Microsoft CVEs And No Answers
- To: Carsten Eiram <che@riskbasedsecurity.com>
- Subject: Re: Hidden Microsoft CVEs And No Answers
- From: jericho <jericho@attrition.org>
- Date: Sat, 25 Mar 2017 11:14:48 -0500
- Authentication-results: spf=none (sender IP is 129.83.29.3) smtp.mailfrom=LISTS.MITRE.ORG; mitre.mail.onmicrosoft.com; dkim=none (message not signed) header.d=none;mitre.mail.onmicrosoft.com; dmarc=none action=none header.from=attrition.org;
- Cc: cve-editorial-board-list <cve-editorial-board-list@lists.mitre.org>
- Delivery-date: Mon Mar 27 07:53:31 2017
- Importance: high
- In-reply-to: <CACph5NW=-Y1OsUZOvdmCkY_hMzscdraW2OmSsQQkBOqgVMX=gQ@mail.gmail.com>
- List-help: <mailto:LISTSERV@LISTS.MITRE.ORG?body=INFO%20CVE-EDITORIAL-BOARD-LIST>
- List-owner: <mailto:CVE-EDITORIAL-BOARD-LIST-request@LISTS.MITRE.ORG>
- List-subscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-subscribe-request@LISTS.MITRE.ORG>
- List-unsubscribe: <mailto:CVE-EDITORIAL-BOARD-LIST-unsubscribe-request@LISTS.MITRE.ORG>
- References: <CACph5NW=-Y1OsUZOvdmCkY_hMzscdraW2OmSsQQkBOqgVMX=gQ@mail.gmail.com>
- Sender: <owner-cve-editorial-board-list@lists.mitre.org>
- Spamdiagnosticmetadata: 6cdb8bfc89744bd8bfee511e3e65aa05
- Spamdiagnosticoutput: 1:2
- User-agent: Alpine 2.00 (LNX 1167 2008-08-23)
On Sat, 25 Mar 2017, Carsten Eiram wrote: : It has now been 6 business days, and I have still not received an : answer. Historically, Microsoft have otherwise been good at responding : quickly to such requests. The last 45 days of dealing with Microsoft has been extremely disappointing for me as well. When contacting them twice about random CVEs they assigned in 2016 and then seemingly removed from advisories, and then when questioning the affected products in Jan 17 patch releases, answers are not forthcoming. It is taking them days to ack the mail, then weeks to follow-up. In some cases it was a 4+ week process to resolve the questions. Right now, I still have two requests outstanding, one CVE related. : I'd appreciate if Microsoft could shed some light on this. As Carsten notes, this is a turnaround from how responsive Microsoft used to be even mid to late last year. Something has changed inside MSRC clearly. .b
- References:
- Hidden Microsoft CVEs And No Answers
- From: Carsten Eiram <che@riskbasedsecurity.com>
- Hidden Microsoft CVEs And No Answers
- Prev by Date: Hidden Microsoft CVEs And No Answers
- Next by Date: Re: AMD crash bug
- Previous by thread: Hidden Microsoft CVEs And No Answers
- Next by thread: RE: Hidden Microsoft CVEs And No Answers
- Index(es):