IE Flaw Found and Exploited
A newly found IE zero-day flaw has been found, publicized and is now being exploited. And this is not the kind of story I like to report.
In walking through this news, I'm hoping you'll help me understand the logic and report back to me and the tens of thousands of Redmond Report readers by writing to [email protected].
On Monday Rapid7, a security firm, wasted no time in telling the world that IE 9 and a number of earlier versions had a flaw that impacted XP, Vista and Win 7. The attacks trick a user into clicking on a malicious Web site, giving the attacker access to elevated privileges.
Of course now hackers are exploiting the flaw which Microsoft, given the short notice, hasn't had time to fix.
Why on earth do security firms publicize flaws before they are fixed? To me this is totally irresponsible.
Tell me where I'm wrong or more likely right at [email protected]. In the meantime, if I get hacked this way, I'll blame Rapid7.
Posted by Doug Barney on 09/19/2012 at 1:19 PM