case manager
Vendor communication:
09.12.2008 Initial notification sent to MSRC
10.12.2008 Response from MSRC case manager - The report is
being investigated.
23.12.2008 Recurity Labs would like to know whether MSRC
considers this a vulnerability. If not so, Recurity
Labs would like to mention the issue in an upcoming
Vendor contact timeline:
------------------------
2011-10-07: Contacted vendor through secure@microsoft.com
2011-10-07: Vendor response, MSRC 11838
2011-10-14: Contacted MSRC asking for status
2011-10-15: Answer from case manager: the vulnerability will be
addressed through a security bulletin, a timeframe is
unknown.
2011-11-23: Contacted MSRC asking for status
2011-11-23: Answer from case manager: a release date of update is
unknown, best guess would be a month before or after the
03/17/2008 Initial vendor response
03/17/2008 PoC requested
03/17/2008 PoC sent
04/18/2008 Status update request sent
05/28/2008 Status update request sent
07/03/2008 Status update received, new case manager assigned
06/26/2009 Status update received, new case manager assigned
06/26/2009 Bulletin release scheduled for July
07/09/2009 Status update received, bulletin delayed
08/11/2009 Public disclosure by Microsoft
. 2010-06-28:
Vendor informs that it has found that the vulnerable code actually
exists and is owned by the IE team, who is currently investigating the
crash; and that this case is transferred over to them (and to a new case
manager as well).
. 2010-07-02:
Vendor informs Core that the IE team has finished the investigation into
this issue and was able to reproduce the issue reported. During the
investigation it was determined that this is an exploitable crash in
:Further communication:
March 20, 2009: Technical details and PoC code were sent to Tony, in PGP MIME format.
March 20, 2009: Tony replied with a new case identifier MSRC 9011jr and informed us of a new case manager, Jack.
March 21, 2009: We further reported that IE 8 was affected by the same bug, in PGP MIME format.
March 30, 2009: We asked if Microsoft had received our PoC.
04/25/2008 - Initial Response
04/25/2008 - PoC Requested
07/21/2008 - PoC Requested
07/21/2008 - PoC Sent
12/11/2008 - Status Update Received - no estimated release date
02/19/2009 - Status Update Received - new case manager, estimated
release date 06/09/2009
10/13/2009 - Coordinated public disclosure
IX. CREDIT
- FLOSS tools for analysis of cybercrime
- Data mining systems for cyber-crime strategy analysis and modeling
- Systems for data collection and monitoring of attack trends
- FLOSS tools validation and test cases, or FLOSS validation approaches
for proprietary tools
- FLOSS tools for the automation of the forensic process and case management
We expect technical papers detailing implementation and validation of
such tools, comparisons between open source and proprietary tools, and
papers balancing benefits and drawbacks of open source and proprietary
tools in digital investigation. While the main focus of the workshop is
04/25/2008 - Initial Response
04/25/2008 - PoC Sent
07/22/2008 - Status Update Requested
07/23/2008 - Initial Response - Update planned in November
12/11/2008 - Status Update Received - no estimated release date
02/19/2009 - Status Update Received - new case manager, estimated
release date 06/09/2009
05/12/2009 - Coordinated Public Disclosure
IX. CREDIT
Core Security Technologies notifies the MSRC of the vulnerability,
setting the estimated publication date of the advisory to March 1st, 2011.
. 2011-02-04:
MSRC notifies that the case 10985 was opened to track this issue and a
case manager will get in contact shortly.
. 2011-02-22:
MSRC notifies that the results of their investigation indicate this is
an authenticated local DoS: An admin on a guest VM can manage to cause a
DoS on the host. The impact is all guests on that host became
2011-04-22: Vendor: Very fast response, issue is being investigated:
MSRC case 11257
2011-04-28: Contacted vendor asking for updates
2011-05-17: Contacted vendor again asking for updates
2011-05-19: Contacted personal contact at MSRC asking for updates
2011-05-19: Answer from personal contact and from case manager: they
could reproduce the issue and are currently working on a fix
timeline, fix expected in the next few months
2011-05-30: Contacted vendor informing about our publishing schedule:
minimal information will be published on June 13th, mutual
customers will be informed in more detail, advisory and
06/17/2008 - Initial Response
06/18/2008 - Confirmation received - no estimated release date
07/22/2008 - Status Update Requested
07/23/2008 - Status Update Received - Update planned in November
12/11/2008 - Status Update Received - no estimated release date
02/19/2009 - Status Update Received - new case manager, estimated
release date 06/09/2009
04/23/2009 - Status Update - release on track
05/12/2009 - Coordinated Public Disclosure
IX. CREDIT
Progress is an internet based product which enables all parties involved
in a matter, such as clients, work providers, estate agents, brokers or
solicitors to look up and track all matter details, including WIP,
accounting information, actions taken and the progress being made on all
case management files over the Internet, 24 hours a day, 7 days a week.
Through a link from your firm's own website or the DPS website, all
parties can log on to Progress and view a report of each matter. How
much each party can view of the progressed details made on a matter and
then subsequently published to the Internet is strictly controlled by
. 2010-04-19:
MSRC responds that case 9975cw has been opened.
. 2010-04-27:
New case manager assigned by MSRC to handle the case. The issue is still
being investigated.
. 2010-04-30:
Vendor concluded the investigation and confirmed that it is an
exploitable issue that can allow remote code execution. A security