SecurityFocus reports that Microsoft has found a zero-day exploit through a web-spidering honeypot project it calls HoneyMonkeys. It was patched on the August Black Tuesday patch day.
<p>While it is not terribly surprising that the find was made, it is surprising that it was publicized. Microsoft’s position has historically been that security researchers are reckless and irresponsible for publishing vulnerabilities in its software products, even if Microsoft has had reasonable time to fix the problems. Their contention is that no one but the <a href="http://en.wikipedia.org/wiki/Whitehat">whitehat</a> security researchers has this knowledge, so there is no danger to the public until they publish or Microsoft releases a patch. This new research by Microsoft directly contradicts their previous position, and is more in line with what the rest of the security community believes to be true.</p>
<p>So, has Microsoft matured in its security posture or is this just one that fell through the damage control cracks? Either way, it forever limits the excuses they can make in the future.