RSS Alerts

Share

More services

Related Links

  • Black Hat DC 2010
  • Elsevier Ltd is not responsible for the content of external websites.

Related Stories

Top 5 Stories

News

Microsoft were aware of Aurora security flaws

26 January 2010

Earlier reports that Microsoft knew about the critical Internet Explorer security flaws that forced it to release an out-of-band patch last Thursday evening have been confirmed - by Microsoft.

In a blog posting by Jerry Bryant, a Microsoft security programme manager, "when the attack discussed in Security Advisory 979352 was first brought to our attention on Jan 11, we quickly released an advisory for customers three days later."

"As part of that investigation, we also determined that the vulnerability was the same as a vulnerability responsibly reported to us and confirmed in early September."

Response to the news that Microsoft knew of the IE security problem back in September has drawn criticism from the IT community.

But the furore surrounding security flaws on Internet Explorer shows no sign of fading away, as reports are coming in that another major flaw - this time dating back two years - will be revealed by Jorge Medina, a security researcher with Core Security Technologies at next week's Black Hat security event in Washington DC.

Medina has told reporters that the flaw he plans to reveal has resisted two attempts by Microsoft to solve and can, under certain circumstances, allow a hacker to read files on someone's PC without any code installation being required.

The problem, he says, is that the flaw is not really a flaw, but a feature, which makes it a lot more difficult for Microsoft to fix.

 

This article is featured in:
Application Security • Internet and Network Security • Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012