Security Companies Report Microsoft IE Flaw to be Known Since 2007
By Gina on July 13, 2009 | Vulnerabilities, internet explorer, microsoft, ms ie, exploit, ie exploit
The Microsoft's Internet Explorer users all over the world have been shocked to find out that due to an ActiveX dysfunction their system security has been at stake. It appears that Microsoft have been aware of the threat since last year, though have not, however, released the patch that would have helped to prevent the possible hacker attacks.
Only after the security companies have reported thousands of corrupted websites after the 4th of July weekend, Microsoft have admitted the Active X bug and have promised to issue the patch until the 14th of July. The flaw had enabled the hackers to redirect the Internet Explorer users to a malicious website, which had then downloaded and installed the tools that were used for system disrupt.
The AVG Technologies' chief research officer Roger Thompson stated that the flaw's “better than the previous Conficker attack, which mostly did its damage once it got inside a network”, however it is of a high security risk as it “can be exploited through the firewall and therefore expose the whole world.” It was in January that the recent Conficker worm had infected millions of computers all over the world, as Microsoft did not take the necessary actions in order to protect the users from the virus.
The IBM's X-Force research team has detected the current bug back in 2007, and had informed Microsoft about the issue along with the number of other IE security flaws and dysfunctions. Alex Wheeler, a former research team member, had refused to disclose the details on when was it exactly that they have found out the vulnerability, due to his contact on confidentiality signed with the IBM.
Microsoft have also declined to provide any explicable information on why they haven't provided the patch for the bug. "When we were alerted in 2008, we immediately started an investigation, as we wanted to be thorough, this took extra time to fully evaluate” stated the Microsoft spokesman in an e-mail, explaining the problem.
This tends to raise hesitation upon Internet Explorer being the most reliable Internet browser.
More Vulnerabilities news
Adobe Reader PDF patches the flaw disclosed at Black Hat
As the hole in an Adobe’s Reader was disclosed at the conference of Black Hat security conference, Adobe patched the flaw at last. Today Adobe released security update to patch the hole. At July's Black Hat event in Las Vegas, Charlie Miller found out about the vulnerability where he told about how the open-source BitBlaze toolkit could boost bug-hunting productivity. He also added that the bug was in Reader's and Acrobat's font parsing. Read more.- iPhone OS is not bulletproof
- All your base are belong to us: how to protect your router from DNS rebinding
- Same Skype Vulnerability is Used Again
- Competition Among Browsers: Keep the System Secure
- Apple Released Safari Update
- A Bug Found in OpenSSL
- Google Engineer Disclosed Window's DEP Flaw
- Be Careful With F1!
- Top 10 TLDs Used by Botnets For CnC
- Mistakes to Avoid on Social Networks
