Slashdot Mirror


Did Microsoft Know About the IE Zero-Day Flaw In Advance?

judgecorp writes "Microsoft issued an emergency patch for a flaw in the Internet Explorer browser on Friday, but there are hints that the firm may have known about the flaw two months ago. The notes to Microsoft's patch credit the TippingPoint Zero Day Initiative for finding the flaw, instead of Eric Romang, the researcher at Metasploit who made it public. ZDI's listings show its most recent report to Microsoft on 24 July, suggesting Microsoft may have known about this one for some time. The possibility raises questions about Microsoft's openness — as well as about the ethics of the zero day exploit market."


  1. Re:Of course Microsoft knew by Anonymous Coward · · Score: 0, Flamebait

    I work in the field and can say there are tons of researchers who submit these flaws. Not all of them can be fixed instantly, and in some instances (like this) fixing them could actually create hints for hackers to use and exploit. That's why it's often better to be silent about them and make a fix ready in case they are publicly exploited. One of the worst-case scenarios is if you patch something with huge notes about it and the hackers find out about the flaw that way.

    And the bad hackers? They submit these to competitors like Google who then "leak" the news about competitors' flaw.

    Your shill status is identifiable from miles away. First user post, first post, and Google bashing (not arguing that Google is better but what's the point in this comment). So why do you keep posting? You're not doing a good job. For a person like me who is responsible for decisions about OS installs in hundreds of computers, this type of astroturfing actually makes me not believe anything good about Microsoft claims, Microsoft advertising, or even Microsoft 3rd party "independent" product reviews.

    The only possible way I could visualize a scenario in which astroturfing is needed is if there weren't actually any truthful "good honest reviews" since this actually undermines the credibility of them.

    Also, since this spam actually annoys me, I've developed a very bad emotional response to Microsoft, making me want to say: Go the Fuck away.