Microsoft has shipped MS10-042 as a critical bulletin to cover the hole which has already led to in-the-wild malware attacks. Last month, when Google researcher Tavis Ormandy released details on a critical Help and Support Center vulnerability that exposed Windows XP and Windows Server 2003 users to malicious hacker attacks, Microsoft was publicly unhappy with the decision. Microsoft says it never failed to give the researcher a 60-day patch window. Microsoft pushed out a fix in just 33 days much shorter than the average time it takes to issue a fix for a Windows vulnerability.
Source: https://threatpost.com/ms-patch-tuesday-googler-zero-day-fixed-33-days-071310/74202/

