Microsoft's Don't Ask Don't Tell: Zero-Day Flaw - The UpStream

Microsoft's Don't Ask Don't Tell: Zero-Day Flaw

posted Sunday Jan 24, 2010 by Jon Wurm

By now you are well aware of the recent attacks on Google and others originating from inside Chinese borders. What you might not be aware of is that the Zero-Day Flaw used to exploit those companies, which primarily affected Internet Explorer 6, didn't just spring up out of nowhere. Last September, Meron Sellen, a BugSec security researcher, reported the security vulnerability to Microsoft. They immediately realized the severity of the flaw but did not address the issue right away, deciding instead to include the fix in a cumulative update sometime next month. Microsoft stated,

An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Last Thursday, Microsoft did release a security update for Internet Explorer that fixed the Zero-Day Flaw and addressed other security issues. Also, according to iDefense, a security firm, 34 other companies were attacked and breached along with Google and Adobe. Perhaps Microsoft letting this issue go, knowing the potential for damage, is a little irresponsible.
