I just posted about the MSRC’s Advance Notification for the July 2009 security bulleting release but as soon as I did that I saw that they also followed that up with some insight into 972890:
We’ve gotten some questions from customers about when we got the first report of this vulnerability and how long the investigation has taken relative to the outbreak of attacks against this vulnerability.
Before I go into the details, the key thing I want customers to understand is that this is an issue that was responsibly reported to us and we have been driving in our standard process towards a security update. While in the middle of that process, attackers found this same vulnerability and began attacks against it. We were far enough in the process that we…
To continue reading see Questions about Timing and Microsoft Security Advisory 972890.
J.C. Hornbeck | Manageability Knowledge Engineer