The Inquirer-Home

Microsoft's IE has still more flaws

It's a never ending story it seems
Mon Jan 25 2010, 14:57

INSECURITY EXPERTS have been having a look at Microsoft Internet Explorer (IE) vulnerabilities and have found, you guessed it, even more.

Core Security Technologies told Reuters that one of its consultants had discovered a series of four or five potentially exploitable flaws in IE that could be used to give an attacker remote access to a user's PC. Individually, none of the vulnerabilities could be used to break into PCs running IE, but linked together they could.

It has already brought the flaw to Microsoft's attention and intends to run a demo of the hack at a Black-Hat security conference in Washington early next month.

The last thing the Vole needs is another discovery of an Internet Exploder vulnerability, one of which led to a Chinese hack into Google's information on human rights activists, but now it has not just one but several. These tip up just days after it issued an out-of-band patch for its ms10-002 security bulletin.

As we mentioned last week, Microsoft had already been fully aware of the IE 6 flaw after Meron Sellen, a white-hat hacker employed as a security researcher by Israeli firm BugSec, had alerted the company back in September 2009.

It will be interesting to see if the Vole issues another out-of-band security patch for these flaws or will try to resume business as usual by addressing this raft of newly discovered vulnerabilities in its monthly security patches in February. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Microsoft's Windows 10 Preview has permission to watch your every move

Does Microsoft have the right to keylog users of its Windows 10 Technical Preview?