INSECURITY EXPERTS have been having a look at Microsoft Internet Explorer (IE) vulnerabilities and have found, you guessed it, even more.
Core Security Technologies told Reuters that one of its consultants had discovered a series of four or five potentially exploitable flaws in IE that could be used to give an attacker remote access to a user's PC. Individually, none of the vulnerabilities could be used to break into PCs running IE, but linked together they could.
It has already brought the flaw to Microsoft's attention and intends to run a demo of the hack at a Black-Hat security conference in Washington early next month.
The last thing the Vole needs is another discovery of an Internet Exploder vulnerability, one of which led to a Chinese hack into Google's information on human rights activists, but now it has not just one but several. These tip up just days after it issued an out-of-band patch for its ms10-002 security bulletin.
As we mentioned last week, Microsoft had already been fully aware of the IE 6 flaw after Meron Sellen, a white-hat hacker employed as a security researcher by Israeli firm BugSec, had alerted the company back in September 2009.
It will be interesting to see if the Vole issues another out-of-band security patch for these flaws or will try to resume business as usual by addressing this raft of newly discovered vulnerabilities in its monthly security patches in February. µ