F.Y.I.

PivX Analyzes Microsoft's Service Pack 1 for Internet Explorer, Finds 19 Vulnerabilities
Posted on 13 September 2002


Newport Beach, CA, September 12, 2002 : PivX Solutions, a leader in Network Security has completed it's analysis of the long awaited Service Pack 1 for Microsoft Internet Explorer 6.0 and the results show that 19 vulnerabilities remain unpatched in Internet Explorer 6.0.

"PivX obtained an advance copy of the Microsoft Internet Explorer Service Pack 1 in early August and found that many of the vulnerabilities we had previously announced had not been addressed or patched in that version" said Rob Shively, CEO of PivX Solutions. "The researchers, led by Thor Larholm logged their findings and posted several of them in the hopes that Microsoft would include them in the final service pack" said Shively. According to Thor Larholm "After IE6 SP1 has been released there are still 19 publicly known unpatched vulnerabilities, some several years old. Only 2 of the listed vulnerabilities were immediately patched, barely 10%". To see the complete research notes go to: http://pivx.com/larholm/unpatched/pivxie6sp1notes.html

Recently Malware.com and Grey Magic Security made international news releasing 2 of their significant Internet Explorer vulnerabilities. These and many others remain unpatched and working since our research revealed the shortcomings of the new Internet Explorer Service Pack 1. Both are well known and can be easily abused by malicious programmers for ill purposes:
http://www.malware.com/stench.html
http://sec.greymagic.com/adv/gm010-ie/

To see which vulns remain unpatched go to: http://pivx.com/larholm/unpatched/

For technical information please contact Thor Larholm at: tlarholm@pivx.com or Geoff Shively at: gshively@pivx.com

About PivX Solutions
PivX Solutions, is a premier network security consultancy offering a myriad of network security services to our clients, the most notable being our proprietary Risk and Vulnerability Assessment (RAVA) for both wired and wireless networks. PivX founders have also developed the patented Invisiwall™ network security device which offers the most comprehensive and secure intrusion detection system available. For more, visit http://www.pivx.com

For more information contact Geoff Shively CHO and Co-founder: gshively@pivx.com.