---

The Exploit That Didn’t Happen

“Looking back at the vulnerabilities that were disclosed in
2011, there was at least one case where researchers had expected an
exploit to appear in the wild, but none actually emerged. During a
recent Black Hat live web event, Tom Cross, manager of IBM’s
X-Force research group, said that one of the scariest
vulnerabilities of 2011 was described in Microsoft Security
Bulletin MS11-020, which Microsoft rated as being critical in
April…

But that was then. It’s now been nine months since the initial
disclosure, and the MS11-020 vulnerability has done little or no
damage whatsoever. Cross noted that there have been no public
attacks against the vulnerability — not even any proof-of-concept
exploit code.


Complete Story