Security Companies Report Microsoft IE Flaw to be Known Since 2007
By Gina on July 13, 2009 | Vulnerabilities, internet explorer, microsoft, ms ie, exploit, ie exploit
The Microsoft's Internet Explorer users all over the world have been shocked to find out that due to an ActiveX dysfunction their system security has been at stake. It appears that Microsoft have been aware of the threat since last year, though have not, however, released the patch that would have helped to prevent the possible hacker attacks.
Only after the security companies have reported thousands of corrupted websites after the 4th of July weekend, Microsoft have admitted the Active X bug and have promised to issue the patch until the 14th of July. The flaw had enabled the hackers to redirect the Internet Explorer users to a malicious website, which had then downloaded and installed the tools that were used for system disrupt.
The AVG Technologies' chief research officer Roger Thompson stated that the flaw's “better than the previous Conficker attack, which mostly did its damage once it got inside a network”, however it is of a high security risk as it “can be exploited through the firewall and therefore expose the whole world.” It was in January that the recent Conficker worm had infected millions of computers all over the world, as Microsoft did not take the necessary actions in order to protect the users from the virus.
The IBM's X-Force research team has detected the current bug back in 2007, and had informed Microsoft about the issue along with the number of other IE security flaws and dysfunctions. Alex Wheeler, a former research team member, had refused to disclose the details on when was it exactly that they have found out the vulnerability, due to his contact on confidentiality signed with the IBM.
Microsoft have also declined to provide any explicable information on why they haven't provided the patch for the bug. "When we were alerted in 2008, we immediately started an investigation, as we wanted to be thorough, this took extra time to fully evaluate” stated the Microsoft spokesman in an e-mail, explaining the problem.
This tends to raise hesitation upon Internet Explorer being the most reliable Internet browser.
More Vulnerabilities news
Firefox 9.0 and four critical flaws fixed
Firefox 9.0 comes with a faster JavaScript engine but the main thing it brings is fixes to four serious vulnerabilities that affect its earlier versions (except v3.6). The security hole could allow an attacker to execute malicious code on a machine using a specially arranged web page. Firefox 9.0 version fixed flaw that enabled the hackers to access out-of-bounds memory areas. Moreover, Firefox 9. Read more.- Major flaw of Adobe Reader and Acrobat 9.x is patched
- Adobe Reader targeted again: Acrobat vulnerability
- From „White hat“ Charlie Miller was turned to „Black hat“
- Temporary remedy against Dugu
- Malware distribution tendencies 2011
- Mac OS X Lion flaw gives opportunity attacker changing victim’s password
- Flaws have been detected in Symantec Endpoint Protection Manager
- New IE bug may expose your cookies
- Secret is not revealed but Facebook’s flaw is repaired
- XSS flaw of Facebook is unpatched and explored for Wall posting
