-
November 26th, 2009, 22:39 PM
#1
Head Honcho
Administrator
Race on between hackers, Microsoft over IE zero-day
Hackers are racing to build reliable exploits to use against a zero-day vulnerability in Internet Explorer (IE), putting pressure on Microsoft to push out a patch before attacks go public, researchers said today.
Yesterday, Microsoft first confirmed that new exploit code could compromise PCs running Internet Explorer 6 (IE6) and Internet Explorer 7 (IE7), then later in the day issued a security advisory that said Windows 2000, Windows XP and Windows Vista users were at risk.
Because the attack code had been publicly posted to a widely-read mailing list, researchers today said that the clock has started.
"This is clearly a critical vulnerability, and as bad as it gets," said Ben Greenbaum, a senior research manager with Symantec's security response team. "It is a race, yes, it certainly is," he added when asked whether hackers and Microsoft are pitted in a drag race.
"Definitely some kind of race," agreed Wolfgang Kandek, the chief technology officer at security company Qualys. "It's a matter of whether Microsoft can fix it first or attackers can get something that works reliably."
Full story: Computerworld
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Bookmarks