New IE Holes Discovered
joelt49 writes "Yahoo! News is reporting that 7 new security holes for Internet Explorer have been discovered by a Chinese researcher; however, there apparently aren't any attacks on IE yet." The part about this story that gets to me is that the researcher didn't alert Microsoft before posting to a public mailing list. Sure, a lot of people don't like Microsoft, but that's no reason to make it worse for the millions of people who are forced to use Microsoft products, especially for security holes which have yet to be exploited.
Russ Cooper made some good points.
I think MS has the responsibility to address their customers' concerns immediately (naive, I know), especially IE's overly close integration with the OS which causes most of these exploits.
Wearing pants should always be optional.
hey folks, this was posted to bugtraq some two months ago.
Neither does Microsoft, as shown several times when their updates cause 3rd software to break - even in areas the patch wasn't supposed to touch.
Feel free to Google.
it's in my head
What I'm wondering is why the poster of this story didn't do a tad more research before posting. As of yesterday, an exploit for these security holes has been available.
Exploit code, anyone? A simple Google search or a Bugtraq archive browse should do it.
... as shown several times when their updates cause 3rd software to break ...
It's even worse when done by design. Once a scoundrel - always a scoundrel.
These security problems were publicly known in September.
What was released recently was sample exploit code.
If you are a Microsoft spokesman then, of course, you have to say that, "Hey, if we don't have a fix then it must mean we didn't know about it." So it's not even lying to say that you weren't told. It's the only logical thing.
The spokesman was not aware that Microsoft had released unmarked patches for some of the problems.
I used to work in Microsoft technical support. From my experience, MS does everything to avoid receiving bug reports from end users; their system is designed in such a way that bug reports are automatically dropped, unless they originate from a pro support client (which pays millions of dollars for support). What this guy did is not only right, but also it is the only moral thing to do. Companies like MS should pay for their bad business practices.