0days Growing?

It seems a new trend not to report vulnerabilities in a responsible manner but using the irresponsible way of publishing vulnerabilities on the Internet.

There is a new one: SANS was claiming that it is a second Excel vulnerability, which is not the case: It seems to be a vulnerability in a Windows dll called hlink.dll. Additionally there have been claims that this vulnerability is used for active attacks, which again is wrong: there is Proof of Concept code out there but we do not not (yet) of any attacks taking place using this vulnerability.

All we know at the moment can be found here: https://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx

Roger