Microsoft is still working on a patch to fix a recently discovered bug in Internet Explorer 8 and older, but security companies across the globe warn that several websites are getting compromised to take advantage of the flaw.
Even though the company has released a one-click “Fix it” tool for Internet Explorer, a security vendor has managed to bypass the tool and take control of the affected system.
Microsoft now admits this is indeed possible, explaining in a Twitter conversation that such a bypass was very likely to be legitimate.
“We think you are probably right,” Jonathan Ness, a Microsoft security engineer, told Aaron Portnoy of Exodus, the company that managed to bypass the fix.
“For the record (because we've seen it mentioned falsely in various articles), EMET (Enhanced Mitigation Toolkit) can also be bypassed to exploit CVE-2012-4792,” Exodus Intelligence also added.