Don't miss our upcoming Network Computing virtual event on Connectivity Solutions - Secure Your Complementary Seat Now!
For the second time in two days, Microsoft Corp. on Wednesday acknowledged a zero-day bug in Internet Explorer, but this time promised to patch the problem.
The vulnerability is caused by an error in Internet Explorer's (IE) processing of the "createTextRange()" JavaScript method call, both Cupertino, Calif.-based Symantec and Danish vulnerability tracker Secunia noted Wednesday. By exploiting the bug, hackers could either get IE to run malicious code remotely, or crash the browser.
"We have confirmed this vulnerability," wrote Lennart Wistrand, lead security program manager, on the Microsoft Security Response Center (MSRC) blog. "I am writing a Microsoft Security Advisory on this…but we wanted to make sure customers knew we were aware of this and we will address it in a security update."
Tuesday, the MSRC had verified that another bug in IE could crash the browser, and might be able to compromise computers. That vulnerability went public last Friday.
The newest flaw could be exploited by designing a malicious Web site that contains the "createTextRange()" JavaScript method, then luring users to the site. People who visited such a site would not know that their system had been hacked.
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.
