http://www.techworld.com/security/news/index.cfm?newsID=108274 By Jeremy Kirk IDG news service 11 December 2008 The security woes continued for Microsoft after Chinese security researchers mistakenly released the code needed to hack a PC by exploiting an unpatched vulnerability in Internet Explorer 7. At one point, the code was traded for as much as $15,000 (£10,000) on the underground criminal markets, according to iDefense, the computer security branch of VeriSign, citing a blog post from the Chinese team. The problem in Internet Explorer 7 means a computer could be infected with malicious software merely by visiting a website, one of the most dangerous computer security scenarios. It affects computers running IE7 on Windows XP, regardless of the service pack version, Windows Server 2003 running Service Pack 1 or 2, Windows Vista and Windows Vista with Service Pack 1 as well as Windows Server 2008. Microsoft has acknowledged the issue but not indicated when it will release a patch. The vulnerability was first revealed earlier this week by the Chinese security team "knownsec." Knownsec said on Tuesday they mistakenly released exploit code thinking that the problem was already patched, iDefense said. "This is our mistake," knownsec said in a Chinese-language research note. [...] _______________________________________________ Help InfoSecNews.org with a donation! http://www.infosecnews.org/donate.htmlReceived on Fri Dec 12 2008 - 01:12:02 PST
This archive was generated by hypermail 2.2.0 : Fri Dec 12 2008 - 01:25:22 PST