Microsoft Admits it Knew of Bug for months

Posted: January 24, 2010 in Tech

From Microsoft’s own Security Team, the vulnerability being used in active attacks was privately reported in September last year and Microsoft were planning to release a cumulative Internet Explorer update in February.

The flaw is an invalid pointer reference which gives cyber criminals the ability to perform remote code execution. Although it has so far only been proved to have happen on IE 6, the patch addresses all version of the popular browser.

The cumulative patch, MS10-002, has now been released and it addresses eight separate vulnerabilities that range from Information Disclosure to Remote code execution. Not all eight vulnerabilities are equally applicable to each supported version of Internet Explorer, but the presence of at least one Remote Code Execution vulnerability for each version means that the rating of Critical is applicable for all the versions.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s