Code Posted for IE Attack

New software has been published on the Internet that could be used to exploit a known flaw in Internet Explorer. The code, which was posted Monday to the Milw0rm.com Web site, exploits a recently patched flaw in Microsoft Corp.'s browser. It could be used to run unauthorized software on a computer that was not updated with the latest Microsoft patches, security experts warn.

The vulnerability was first discovered by security researcher HD Moore, who posted code last July that could be used to crash the browser. Microsoft patched the flaw in February, but some security researchers say that it will get more attention from criminals because of this latest exploit code. "This type of vulnerability has been very popular with malicious attacks in the past and we expect to see its usage increase substantially, now that exploit code is publicly available," security vendor Websense Inc. warned in a note published Monday.

News source: PCWorld


15 Comments


hapbt said,
Why does it NOT matter is also a valid question?

1) For IE6, not IE7
2) The flaw was discovered in July 2006; 8 months later this shows up
3) The flaw was fixed in February 2007; 1 month (almost 2) later this shows up
4) The title deems as the flaw is STILL not fixed when it has been patched

More reasons?

The vast majority is still using IE6, and they also don't anxiously wait for every patch to come out just to patch one of the countless holes in IE6. So it does matter very well.

Aero Ultimate said,
The vast majority is still using IE6, and they also don't anxiously wait for every patch to come out just to patch one of the countless holes in IE6. So it does matter very well.

Even if the vast majority don't use IE7, this has been patched. IT IS A NONISSUE. That or it should be titled "A patch released in February 2007 fixes a flaw for IE6 found in July 2006 which has to this date not been exploited".
So it's either the long, true and accurate or it's a no story. Which do you pick?

The vulnerability was first discovered by security researcher HD Moore who posted code last July that could be used to crash the browser. Microsoft patched the flaw in February...
Well, I guess that Microsoft should have patched this a little quicker than 6 or so months. But, those out there that aren't keeping updated with patches are going to be the ones hit by this. The patch was issued before code was known to be released.

Since it seems this affects IE6 only and not IE7, I would guess that the delay in patching this from MS's side is that at the time they were still working on finishing up IE7 (back in July, I forget when IE7 went final actually), so they had IE7 work to get done first, then any IE6 problems.

Also from what I've seen, if they know of a security problem in IE or even Windows, but it's not actively being exploited, they take their time with a patch and test it out more. When things are being targeted right away though, it doesn't take them long to issue a patch.