Microsoft Announces Coordinated Vulnerability Disclosure Procedures And First Two Vulnerability Advisories

Microsoft announced that it will be actively demonstrating its commitment to Coordinated Vulnderability Disclosure (CVD) by publishing CVD documents and releasing Microsoft Vulnerability Research (MSVR) Advisories on vulnerabilities discovered by Microsoft but fixed by affected vendors. Microsoft hopes that these documents will provide more transparency and insight into their disclosure philosophy and about how they go through the process.
CVD documents clarify how Microsoft responds as a vendor impacted by the vulnerabilities in their own products and services. These documents also demonstrate how Microsoft acts as a finder of vulnerabilities in third-party products and services, and how they act as a coordinator of such vulnerabilities. Read more on CVDs here (word document).
MSVR advisories cover security vulnerabilities that Microsoft or other security researchers discovered in third-party products or services. Microsoft discloses the vulnerabilities to the affected vulnerabilities using procedures described in the Coordinated Vulnerbility Disclosure.
Additionally, yesterday, Microsoft released the first two MSVR advisories which cover issues discovered by Microsoft in third party products, MSVR11-001 and MSVR11-002. Vulnerability 001 covers a vulnerability affecting the Google Chrome browser in versions prior to 6.0.472.59. This vulnerability affects the Sandbox in Chrome and could actually allow an attacker to run arbitrary code inside of Chrome's Sandbox. If the attacker fully exploited this vulnerability your browser would become unresponsive and/or exit unexpectedly; the attacker could run arbitrary code. Vulnerability 002 affects Google Chrome versions 8.0.552.210 and earlier, and Opera versions 10.62 and earlier; 002 addresses an information disclosure vulnerability which exists in the implementation of HTML5 in these browsers. If an attacker successfully exploited this vulnerability they could obtain private information from you.
As always, you should keep your system and programs on automatic update to get the most up to-date bug-free versions. To learn more about each vulnerability visit the Microsoft Vulnerability Research Advisories page.


Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info. Thank You ! -Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You! -Team VOGH



Post a Comment

Related Posts Plugin for WordPress, Blogger...