By Matthew Sparkes
4:42PM BST 22 May 2014

A flaw in Microsoft's Internet Explorer which leaves users vulnerable to hackers has not been fixed, despite its discoverer giving the company six months grace to do so before publishing details.

The flaw "allows remote attackers to execute arbitrary code" on vulnerable, older versions of IE such as 8, says the Zero Day Initiative site, which offers rewards for finding flaws in commercial software. It was originally discovered by Peter Van Eeckhoutte, also known as "corelanc0d3r".

User interaction is required to exploit the hole, in that the victim would have to open a malicious website or file. Although the software has now been replaced, it still accounts for around 20 percent of internet traffic according to statistics from Net Applications.

The flaw was first disclosed to Microsoft in November last year, and the site usually gives 180 days for a fix to be applied before it is publicly disclosed. By February, Microsoft had confirmed that it had been able to replicate the problem, but had not fixed it.

Zero Day Initiative heard no indication that it would be fixed, so extended the usual secrecy period, informed Microsoft that it was going to go ahead with publication, and eventually released the information late last night.

A flaw in Microsoft's Internet Explorer
