The *update* was posted January 14, 2002. A certain MS employee linked to an *update* of an old bug and called it a new exploit, for obvious reasons.
You'll notice the first line there says, The CERT/CC has received credible reports of scanning and exploitation of Solaris systems running the CDE Subprocess Control Service buffer overflow vulnerability identified in CA-2001-31 and discussed in VU#172583.
You click on CA-2001-31 and notice it says This vulnerability was first reported to us in March 1999, and more recently by Internet Security Systems (ISS) X-Force. .
The Clintons would be proud! Ya'll have an MS employee trying to snow you big-time! You should be happy that we rate this kind of effort from MS.