[ISN] Microsoft races to plug IE hole after exploit code released

From: InfoSec News <alerts_at_private>
Date: Mon, 15 Mar 2010 00:21:50 -0600 (CST)

By Elinor Mills
InSecurity Complex
CNet News
March 12, 2010

Microsoft said on Friday it is testing a patch to fix a new hole in 
Internet Explorer 6 and IE 7 following the release of exploit code on 
the Internet.

With the announcement it seems increasingly likely that the company will 
be issuing a patch for the hole before the next Patch Tuesday in about 
four weeks, if the testing of the patch goes quickly.

Microsoft warned about the hole, which it said was being targeted in 
attacks and could allow an attacker to take control of a computer, in an 
advisory on Tuesday. The next day, Israeli researcher Moshe Ben Abu 
released exploit code for the vulnerability after using clues in a 
McAfee blog post to find existing exploit code and pinpointing the 
weakness from there.

"We have seen speculation that Microsoft might release an update for 
this issue out of band. I can tell you that we are working hard to 
produce an update which is now in testing," Jerry Bryant, senior 
security communications manager lead at Microsoft, wrote in a post on 
the Microsoft Security Response Center blog.


Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
Received on Sun Mar 14 2010 - 23:21:50 PDT

This archive was generated by hypermail 2.2.0 : Sun Mar 14 2010 - 23:28:52 PDT