They're saying what we reported was a defense-in-depth fix only, but they won't tell us what that defense-in-depth fix really is," Dustin Childs, head of threat awareness at ZDI, told The Register in an exclusive interview.
This entire series of unfortunate events not only highlights problems with Microsoft's bug reporting program, but also the coordinated vulnerability disclosure process in general, according to Childs.
Vendors want the researchers to coordinate with them up front, but once they get the bugs, they stop coordinating with the researchers.
"It's a pretty nifty exploit," Childs told The Register. "These threat actors found a way to resurrect a zombie Internet Explorer. They were able to get Internet Explorer to then go out and download a stea
[
Collection
]
[
|
...
]