Security Companies Report Microsoft IE Flaw to be Known Since 2007

The Microsoft's Internet Explorer users all over the world have been shocked to find out that due to an ActiveX dysfunction their system security has been at stake. It appears that Microsoft have been aware of the threat since last year, though have not, however, released the patch that would have helped to prevent the possible hacker attacks.

Only after the security companies have reported thousands of corrupted websites after the 4th of July weekend, Microsoft have admitted the Active X bug and have promised to issue the patch until the 14th of July. The flaw had enabled the hackers to redirect the Internet Explorer users to a malicious website, which had then downloaded and installed the tools that were used for system disrupt.

The AVG Technologies' chief research officer Roger Thompson stated that the flaw's “better than the previous Conficker attack, which mostly did its damage once it got inside a network”, however it is of a high security risk as it “can be exploited through the firewall and therefore expose the whole world.” It was in January that the recent Conficker worm had infected millions of computers all over the world, as Microsoft did not take the necessary actions in order to protect the users from the virus.

The IBM's X-Force research team has detected the current bug back in 2007, and had informed Microsoft about the issue along with the number of other IE security flaws and dysfunctions. Alex Wheeler, a former research team member, had refused to disclose the details on when was it exactly that they have found out the vulnerability, due to his contact on confidentiality signed with the IBM.

Microsoft have also declined to provide any explicable information on why they haven't provided the patch for the bug. "When we were alerted in 2008, we immediately started an investigation, as we wanted to be thorough, this took extra time to fully evaluate” stated the Microsoft spokesman in an e-mail, explaining the problem.

This tends to raise hesitation upon Internet Explorer being the most reliable Internet browser.

More Vulnerabilities news

A Bug Found in OpenSSL

A “severe vulnerability” was found in the OpenSSL. Computer researcher's used software encryption package that allows them to rebuild a machine's confidential cryptographic key. The flaw in OpenSSL is important because the open-source package is used to protect sensitive data all over the world. Read more.

• Google Engineer Disclosed Window's DEP Flaw
• Be Careful With F1!
• Top 10 TLDs Used by Botnets For CnC
• Mistakes to Avoid on Social Networks
• New Windows Security Update Patches Critical Flaws
• Google Announced a New Bug Bounty Program
• Security Makers Use Adobe Avoiding Attacks on Windows PCs
• Trojan “Plays” With Install Files
• Fraudulent Firefox Update Spreads Via Zango Toolbar
• Microsoft Explores Another IE Flaw After the Google Attack

News categories

• Malware
• Spam and email
• Phishing
• Mobile security
• Vulnerabilities
• Security software
• Online security
• Security basics

Latest news

• New iPad Attracts Spammers
• How to Create a Secure Password?
• A Bug Found in OpenSSL
• Source Code is Stolen By Hackers
• Google Engineer Disclosed Window's DEP Flaw
• Top 15 Most Abused TLDs in February 2010
• Mariposa Botnet is Closed and Attackers Are Arrested
• Be Careful With F1!
• Fake Virus Total
• Recently Used Spam Categories

Antispyware Software

• • Download Spyware Doctor
    
• • Download VIPRE Antivirus + Antispyware
    
• • Download Trend Micro AntiVirus plus AntiSpyware
    
• • Download Spy Sweeper
    

Subscribe