Monday, November 28, 2005

Unpatched IE Flaw Is Worse Than Expected

Last week was shortened by the Thanksgiving holiday, and it seemed the malware guys took it off as well. There was little new activity, and the biggest blip on the security radar was the security community's realization that an Internet Explorer problem first identified six months ago was a lot worse than it appeared.

The realization caused Secunia to issue a rare "Extremely Critical" advisory. Once thought to be just a DoS vulnerability, the flaw turns out to also allow execution of arbitrary code. Benjamin Tobias Franz, who figured out the original problem, told Microsoft about it in March. Microsoft has done nothing to modify IE to reflect this information in the last six months. This may be because the risk of exploit was considered "low" at the time.
