[ntp:security] NTP disclosure for Microsoft

Sue Graves sgraves at nwtime.org
Tue Oct 20 00:42:56 UTC 2015


Thanks for asking. Microsoft isn't a consortium member and hasn't signed
an NDA with us.  If you'd like the early patch, Please have our NDA
signed and we'll get it to you for this notice.

Because we are Open Source and NTP is so reliable, we simply don't have
staff to support bug fixes and code improvements along with handling
security issues without more support from the vendors who use our
software in the OS or Products.
If Microsoft would like to permanently be on our Advanced Security
Notification list and get early patches, you can join our Consortium at
the Partner or Premiere Level.  Please see our benefits listing for more
details: http://nwtime.org/membership/benefits/

Best Regards,
p.s.- We've also spoken with Ed Briggs about this in the past.
edbriggs at microsoft.com

On 10/19/2015 4:03 PM, JR Mayberry wrote:
> Hi,
> Microsoft has learned there’s an announcement for NTP vulns coming out
> this week. I checked with our MSRC team and they didn’t receive a
> pre-release.
> Is there a pre-release we can gain access to?
> Thanks
> _______________________________________________
> security mailing list
> security at lists.ntp.org
> http://lists.ntp.org/listinfo/security

Knowing the correct time isn't always important - until it is.
Join Network Time Consortium http://nwtime.org/join
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NTF NDA.pdf
Type: application/download
Size: 143776 bytes
Desc: not available
URL: <http://lists.ntp.org/private/security/attachments/20151019/b4f01e21/attachment-0001.bin>

More information about the security mailing list