Did Microsoft Know About the IE Zero-Day Flaw In Advance?
judgecorp writes "Microsoft issued an emergency patch for a flaw in the Internet Explorer browser on Friday, but there are hints that the firm may have known about the flaw two months ago. The notes to Microsoft's patch credit the TippingPoint Zero Day Initiative for finding the flaw, instead of Eric Romang, the researcher at Metasploit who made it public. ZDI's listings show its most recent report to Microsoft on 24 July, suggesting Microsoft may have known about this one for some time. The possibility raises questions about Microsoft's openness — as well as about the ethics of the zero day exploit market."
What's an "Internet Explorer"?
1.) Guy reports exploit to M$ in February
2.) They do nothing
3.) Guy asks for progress in May
4.) They do nothing
5.) Guy asks for progress in July
6.) They do nothing
7.) Guy asks for progress in October
8.) They do nothing
9.) Guy releases exploit to public
10.) MS bitches loudly about "Google trying to smear us"
11.) MS does nothing for three days
12.) Two low-level guys are told to fix it ASAP on Monday
13.) On Tuesday they are grilled by Sinofsky about progress
14.) On Wednesday Ballmer throws a chair at them
15.) On the deathbed (from the Ballmer-inflicted wounds), they fix the issue
16.) On Friday MS releases the patch