Careers & Certifications

05:03 PM
Connect Directly
RSS
E-Mail
50%
50%

Researcher: Microsoft Security Team Dismissive, Adversarial

A security research who disclosed a zero-day vulnerability in IE is complaining that Microsoft's security team gave him the brush-off and sent him a "rather threatening e-mail."

A security researcher who disclosed a zero-day vulnerability in Internet Explorer on Wednesday complained that Microsoft's security team gave him the brush-off and sent him a "rather threatening e-mail."

Ironically, the bug is in how IE warns users of potentially unsafe active content on a Web site, such as an ActiveX control.

Matthew Murphy posted a detailed description of the IE bug to the Full Disclosure security mailing list, where he noted that security dialogs could be used by attackers to hijack computers or install their own code on the compromised machines.

The security dialogs, said Murphy, are an exploitable weakness, especially in older versions of Windows, such as Windows 98, Windows 2000, and Windows XP SP1. But even newer OSes are vulnerable.

"On newer systems [Windows XP SP2, Windows Server 2003] the impact of this vulnerability is more limited, but remains serious," he said.

Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Cartoon
Hot Topics
6
IT Certification's Top 10 Benefits
Global Knowledge, Global Knowledge,  8/20/2014
3
Confessions Of A VMworld Virgin
Susan Fogarty, Editor in Chief,  8/22/2014
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Slideshows
Twitter Feed