Wednesday, November 12, 2008

Pretty Sure This Holds The Record

MS08-068 was released on November 11th, 2008. There was an exploit published on 21 March, 2001 by Sir Dystic of cDc that attacked this vulnerability. That was when Windows 2000 was current, yet the vulnerable code made it successfully into the Windows XP (1), Windows Server 2003 (2), Windows Vista (3) and Windows Server 2008 (4) operating systems that were released after Microsoft was made aware of this vulnerability.

That's 4 completely new OS releases that contained known-vulnerable and actively exploited code.


Does this patch hold the world record for delay since notification and correction? 2792 days. 7 years, 7 months and 21 days. A record to stand the test of time, I wonder? :)


The Outspoken Wookie

No comments: