Microsoft Faces Criticism Over Zero-Day Vulnerabilities and Patch Delays
Trend Micro's Zero Day Initiative (ZDI) criticized Microsoft for not crediting them in the disclosure and patching of a zero-day vulnerability in MSHTML, reported in May and patched in July. ZDI claims the flaw is a remote code execution vulnerability, contrary to Microsoft's classification as a spoofing vulnerability. This incident highlights broader issues in the coordinated vulnerability disclosure process, with vendors often failing to properly communicate and credit researchers.