Microsoft were aware of Aurora security flaws

In a blog posting by Jerry Bryant, a Microsoft security programme manager, "when the attack discussed in Security Advisory 979352 was first brought to our attention on Jan 11, we quickly released an advisory for customers three days later."

"As part of that investigation, we also determined that the vulnerability was the same as a vulnerability responsibly reported to us and confirmed in early September."

Response to the news that Microsoft knew of the IE security problem back in September has drawn criticism from the IT community.

But the furore surrounding security flaws on Internet Explorer shows no sign of fading away, as reports are coming in that another major flaw - this time dating back two years - will be revealed by Jorge Medina, a security researcher with Core Security Technologies at next week's Black Hat security event in Washington DC.

Medina has told reporters that the flaw he plans to reveal has resisted two attempts by Microsoft to solve and can, under certain circumstances, allow a hacker to read files on someone's PC without any code installation being required.

The problem, he says, is that the flaw is not really a flaw, but a feature, which makes it a lot more difficult for Microsoft to fix.


What’s hot on Infosecurity Magazine?