Research

Sherlock Forensics Labs: Responsible Disclosure Tracker

Live status on coordinated security disclosures led by our research team. We follow industry-standard 90-day coordinated disclosure with vendor-acknowledged early-release provisions. Active findings are listed with a public summary plus a countdown to the close of the disclosure window. Full technical detail publishes on schedule, or earlier when the vendor confirms a fix.

In Disclosure Window

Active Disclosures

SF-LABS-2026-02 / Brother

Brother Windows Software Local Privilege Escalation

Active disclosure window

Another clean path from an everyday user account to full SYSTEM control. The affected component is bundled Brother device software widely deployed across Windows fleets. A non-administrator obtains a SYSTEM shell on the host.


SF-LABS-2026-01 / Intuit

Intuit QuickBooks Desktop Local Privilege Escalation

Active disclosure window

A standard non-administrator user can seize full SYSTEM control of any Windows machine running the affected QuickBooks Desktop component. No administrator rights, no reboot, no user interaction. The component has shipped unchanged across more than a decade of QuickBooks Desktop releases.


Fully Released

Disclosed Archive

No publicly released advisories yet. Released disclosures with full technical detail will appear here once the disclosure window closes on each finding.

How We Work

Lab Methodology and Disclosure Policy

Sherlock Forensics Labs operates on the 90-day coordinated disclosure model. When our research surfaces a vulnerability in a vendor product, we notify the vendor on day zero with full technical detail. The vendor has 90 days to ship a fix before public disclosure. If the vendor confirms a fix earlier, we publish at vendor approval. If 90 days elapse without a fix, we publish on schedule.

Our public stance during the disclosure window is minimal. We acknowledge the existence of the finding, the vendor and product affected, the high-level vulnerability class and a status indicator on the disclosure timeline. We do not publish proof-of-concept code, exploitation specifics or technical details that would enable an attacker before affected users have remediation available.

Researchers and incident response teams who need pre-release notification under NDA can reach the lab at labs@sherlockforensics.com. Coordinated-disclosure peer review by other vendor security teams is welcomed.

About the Researcher

Ryan Purita

Ryan Purita is the Principal Security Consultant at Sherlock Forensics and the lead researcher for Sherlock Forensics Labs. Ryan holds CISSP, ISSAP and ISSMP certifications and has 20 years of digital forensics and security research experience. His prior work includes courtroom-tested forensic examination for civil and criminal proceedings, security advisory engagements for legal and enterprise clients across North America and original vulnerability research published through the Sherlock Forensics platform.

Lab disclosures are reviewed by the Sherlock Forensics technical team before vendor notification and again before public release. See Ryan's professional profile at LinkedIn or the broader Sherlock Forensics About page.

Forensic Posture

Beyond the Lab: Forensic Tools for IR Teams

The Sherlock Forensics tool suite ships the artifact-extraction layer that IR teams reason over during compromise investigations. Sherlock Forensics Disk Imager for forensic acquisition. Sherlock Forensics PST Viewer for mailbox forensics. Sherlock Forensics Universal Events Viewer for Windows event log triage. For court-defensible engagements contact our team for expert witness services.

Since 2006 | CISSP, ISSAP, ISSMP certified | 888.883.4550