Microsoft Knew of IE Zero-Day Flaw Since September

Posted by | Jan 23, 2010

From threatpost.com:

Microsoft today admitted it knew of the Internet Explorer flaw used in the attacks against Google and Adobe since September last year.

The flaw was in the Microsoft Security Response Center’s (MSRC) queue to be fixed in the the next batch of patches due in February but the targeted zero-day attacks against U.S. companies forced the company to release an emergency, out-of-band IE update.
The IE update applies to all versions of the browser on all Windows OS versions and patches at least eight documented vulnerabilities that could lead to remote code execution attacks.

The patches are included in the critical MS10-002 bulletin.

The vulnerability used in the attacks (CVE-2010-0249) was privately reported to Microsoft last August by Meron Sellen, a white-hat hacker at BugSec, an Israeli security research company. Microsoft program manager Jerry Bryant said the company confirmed the severity of the flaw in September and planned to ship a fix in a cumulative IE update next month.

Categories : ,

Tags :,,

Related Posts

I-Soon Data Leak Provides Glimpse Into China’s Ecosystem of Cyber-espionage

Translation: Special One-Month Reconnaissance Operation Against “Overseas Cyber Forces”

Translation: Sharp Eyes—A Year in Rural Surveillance

CAC Roundup: Recommendation Algorithm Regulations, Cybersecurity Review for Overseas Listings, and Fines for Weibo and Douban

LinkedIn Censors More Journalist Profiles in China, Suggests Self-Censorship as Solution

Translation: “Program-Think,” Notorious Anonymous Chinese Blogger, Feared Detained

LinkedIn Censors Tiananmen Content, Again

Navigating Chinese AI Research Collaboration: Cases from Australia, Microsoft

U.S. Tech Workers Back Chinese Counterparts

Scrutiny of Ties to Xinjiang Surveillance Intensifies

U.S. Companies Fuel Surveillance in China

Google Employees Fear China Project Continues

Are Google’s China-made Security Keys Safe?

CDT EBOOKS

DOWNLOAD EBOOKS

CDT Features

Subscribe to CDT

SUPPORT CDT

Browsers Unbounded by Lantern

Now, you can combat internet censorship in a new way: by toggling the switch below while browsing China Digital Times, you can provide a secure "bridge" for people who want to freely access information. This open-source project is powered by Lantern, know more about this project.

Google Ads 1

Giving Assistant

Google Ads 2

Anti-censorship Tools

Life Without Walls

Click on the image to download Firefly for circumvention

Open popup
X

Welcome back!

CDT is a non-profit media site, and we need your support. Your contribution will help us provide more translations, breaking news, and other content you love.

Donate