Race on between hackers, Microsoft over IE zero-day
Game on as bad guys try to make public attack code reliable, say researchers
By Gregg Keizer
November 24, 2009 04:02 PM ET
Computerworld - Hackers are racing to build reliable exploits to use against a zero-day vulnerability in Internet Explorer (IE), putting pressure on Microsoft to push out a patch before attacks go public, researchers said today.
Yesterday, Microsoft first confirmed that new exploit code could compromise PCs running Internet Explorer 6 (IE6) and Internet Explorer 7 (IE7), then later in the day issued a security advisory that said Windows 2000, Windows XP and Windows Vista users were at risk.
Because the attack code had been publicly posted to a widely read mailing list, researchers today said that the clock has started.
"This is clearly a critical vulnerability, and as bad as it gets," said Ben Greenbaum, a senior research manager with Symantec's security response team. "It is a race, yes, it certainly is," he added when asked whether hackers and Microsoft are pitted in a drag race.