Barney's Blog

Blog archive

IE Flaw Found and Exploited

A newly found IE zero-day flaw has been found, publicized and is now being exploited. And this is not the kind of story I like to report.

In walking through this news, I'm hoping you'll help me understand the logic and report back to me and the tens of thousands of Redmond Report readers by writing to [email protected]

On Monday Rapid7, a security firm, wasted no time in telling the world that IE 9 and a number of earlier versions had a flaw that impacted XP, Vista and Win 7. The attacks trick a user into clicking on a malicious Web site, giving the attacker access to elevated privileges.

Of course now hackers are exploiting the flaw which Microsoft, given the short notice, hasn't had time to fix.

Why on earth do security firms publicize flaws before they are fixed? To me this is totally irresponsible.

Tell me where I'm wrong or more likely right at [email protected] In the meantime, if I get hacked this way, I'll blame Rapid7.

Posted by Doug Barney on 09/19/2012 at 1:19 PM


Featured

  • Microsoft Bumping Up SLA Support for Azure Active Directory B2C Service

    Microsoft had lots to say this month about its Azure Active Directory service.

  • Black Sky White Cloud Graphic

    Microsoft Expands Cloud Programs for Specific Industries

    Microsoft on Wednesday described an expansion of its industry-specific cloud efforts by announcing three new program additions, centered on the needs of finance, manufacturing and nonprofit organizations.

  • Reusing Content Within Microsoft Word

    A new Microsoft Word feature lets you insert a block of text (or other content) from a different file without leaving the document you're currently working on.

  • Replacement SSDs Now Available for Surface Pro 7+ PCs

    Microsoft on Tuesday announced that sales of solid-state drive (SSD) "commercial spares" replacement kits for Surface Pro 7+ PCs is now open, but only in the U.S. market.

comments powered by Disqus