Just when I get suckered into believing the MSRC is on top of patching security holes in Windows products, along comes something to jolt me back to reality. Does it really take five months to address such a serious vulnerability?
I remember writing about this back in April when the first warning was issued with accompanying proof-of-concept exploit code.
Now that customers are being affected (see this Symantec advisory), will Microsoft rush out a patch?
The MSRC folks appear genuine when they talk about responding in an upfront way to security holes. But when evidence of unforgiveable tardiness come to the fore, you have to wonder whether some things just slip through the cracks.