I noticed a bug in SymCrypt, the core library that handles all crypto on Windows. It's a DoS, but this means basically anything that does crypto in Windows can be deadlocked (s/mime, authenticode, ipsec, iis, everything). Microsoft committed to fixing it in 90 days, then didn't.
It only applies if there is an update already scheduled. It's not just a free 14 day extension. We settled on 90 days, but try to accommodate vendors with rigid patch schedules like Microsoft.
-
-
Not saying it’s free, just accommodating for real life patch deployment issues (which on the surface appears to look like this case - ms actively working on a patch, find additional issues, then waive grace?...) So was grace cancellation explicit or implicit?
-
It isn't for accommodating deployment issues. That's what the 90 days are for - developing and testing patches. The grace period is *only* for syncing with a previously scheduled patch window, and does not apply here.
- 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.