
Microsoft responded to proof-of-concept releases for six zero-day vulnerabilities in its products that were published without prior coordination. The vulnerabilities were named BlueHammer, GreenPlasma, MiniPlasma, RedSun, UnDefend, and YellowKey. Microsoft said the disclosures were not responsibly handled and were released without warning, leaving its security teams unprepared. Microsoft stated it uses Coordinated Vulnerability Disclosure processes each year with many security researchers to enable ethical sharing, patch development, and recognition of researchers. Microsoft said its teams worked around the clock to assess impact, protect customers, and develop security updates. Microsoft said it remains opposed to disclosures outside proper coordination that could harm customers.
"Microsoft said that every year, it works with hundreds of security researchers through established Coordinated Vulnerability Disclosure (CVD) processes, an industry standard set of best practices that enable ethical hackers to share their findings with suppliers to enable them to address the issue prior to disclosure."
"However, said Microsoft, the vulnerabilities uncovered by Nightmare Eclipse, known as BlueHammer, GreenPlasma, MiniPlasma, RedSun, UnDefend and YellowKey, were not responsibly disclosed but rather unleashed on the world without warning over the past few weeks, leaving its teams unprepared and running to catch up."
"'In response to the unnecessary risk created by these disclosures, our security teams have been working around the clock to understand the impact, protect our customers, and develop security updates,' said Microsoft."
"'We remain firmly opposed to these actions, and any disclosure outside proper coordination that could harm our customers an'"
Read at ComputerWeekly.com