This was a good read today morning..


The three main actors in this movie were a web application with a security vulnerability, Microsoft’s server class operating systems with an unpatched local privilege escalation vulnerability and the last line of everyone’s defense, the AV vendors.
Here's the brief : virustotal 0 detection - It's unpatched from over 10 months (Published: April 17, 2008 | Updated: October 9, 2008) - Most other security appliances will never pick it up..

Finally, the AV vendors should be more proactive (instead of reactive) and follow exploit research developments so they can add detection for similar exploits early and protect their customers.
Life isn’t easy, thanks to Microsoft!



Source : http://isc.sans.org/diary.html?storyid=6010