An inside look into building and releasing MS07-017
MS07-017 – the Security Bulletin that fixes the vulnerability in Animated Cursor Handling (CVE-2007-1215) – has been released, helping to block attacks on that vulnerability. While Microsoft released it within 5 days of being notified of attacks, they received questions from customers about why it took us 3 months to develop and release the fix for this vulnerability.
This article provides some insight into the history of this vulnerability, and while doing so, hopefully provide insight into the overall security update lifecycle, including testing, which consumes the greatest amount of time.
[ Read more ]