Careers & Certifications

05:03 PM
Connect Directly
RSS
E-Mail
50%
50%

Researcher: Microsoft Security Team Dismissive, Adversarial

A security research who disclosed a zero-day vulnerability in IE is complaining that Microsoft's security team gave him the brush-off and sent him a "rather threatening e-mail."

A security researcher who disclosed a zero-day vulnerability in Internet Explorer on Wednesday complained that Microsoft's security team gave him the brush-off and sent him a "rather threatening e-mail."

Ironically, the bug is in how IE warns users of potentially unsafe active content on a Web site, such as an ActiveX control.

Matthew Murphy posted a detailed description of the IE bug to the Full Disclosure security mailing list, where he noted that security dialogs could be used by attackers to hijack computers or install their own code on the compromised machines.

The security dialogs, said Murphy, are an exploitable weakness, especially in older versions of Windows, such as Windows 98, Windows 2000, and Windows XP SP1. But even newer OSes are vulnerable.

"On newer systems [Windows XP SP2, Windows Server 2003] the impact of this vulnerability is more limited, but remains serious," he said.

Previous
1 of 4
Next
Comment  | 
Print  | 
More Insights
Slideshows
Cartoon
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed