Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
TRENDING TODAY
Home > News > Microsoft > Internet Explorer

March 23rd, 2009, 11:34 GMT · By

Microsoft Confirms Critical 0-Day IE8 Vulnerability

SHARE:

Adjust text size:

IE8
Enlarge picture
Microsoft has confirmed officially the zero-day vulnerability impacting Internet Explorer 8, the latest iteration of its IE browser. The security flaw was demonstrated on the first day of the Pwn2Own hacking context of the CanSecWest 2009 in Vancouver the past week. A security researcher identified only as Nils managed to own a Sony Vaio running Windows 7 via a vulnerability in IE8. Terri Forslof, the manager of Security Response for TippingPoint, revealed that Microsoft had acknowledged to her the existence of the issue.

“The MSRC (Microsoft Security Response Center) (...) let me know that they had reproduced and validated IE8 vulnerability discovered by the mysterious Nils. Of course, we can't tell you anything more than that - stay tuned for more information once Microsoft releases an update for it! I continue to be impressed by the dedication of the MSRC team - and was shocked to get the news of verification in less than 12 hours- considering the entire IE team was most likely at the MIX 2009 con down in Vegas for the official launch of IE8!” Forslof stated.

Before joining TippingPoint, Forslof in fact worked at Microsoft, as a Security Program Manager for the Microsoft Security Response Center, the very group that investigates vulnerabilities in the company's software and produces patches. Internet Explorer 8 was released to web on March 19, 2009, the second day of MIX09. “For those not keeping score, the confirmation of the IE8 vulnerability on the released bits marks the first official vulnerability in IE8!” Forslof explained.

In addition to IE8, both Firefox and Safari also permitted the systems they were running on top of to be hacked, and also through 0-day vulnerabilities. Two Critical holes affect Safari, while Firefox is vulnerable to a single issue, just as IE8. Google Chrome is the only browser that survived un-hacked. Forslof revealed that “the Chrome browser gets a small nod for being impacted by one of the flaws, although exploit is not possible using any current known techniques. I’m sure they’ll get it fixed up just the same.”
 
Internet Explorer 8 (IE8) RTW is available for download here (for 32-bit and 64-bit flavors of Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008).

The latest release of Google Chrome is available for download here.

Firefox 3.1 Beta 3 for Windows is available here.

Firefox 3.1 Beta 3 for Linux is available here.

Firefox 3.1 Beta 3 for Mac OS X is available here.


5,323 hits · 2 comments
Link to this article · Print article · Send to friend

MUST-READ RELATED ARTICLES:


Microsoft: IE8 Has the First Complete Implementation of CSS 2.1
Beyond IE8: Windows 7's IE8, and the Next Iteration of Internet Explorer
Microsoft: Standards-Complete IE8 Impossible
Internet Explorer 8 (IE8) RTW Future Releases, Downloads, Automatic Upgrades
IE8, Firefox, Safari Owned via 0-Day Vulns, Chrome Survives Intact

READER COMMENTS:


Comment #1 by: RailNut on 18 Sep 2012, 07:45 UTC reply to this comment

The story is useless without an obvious date-line

Comment #1.1 by: Softpedia Team on 18 Sep 2012, 09:35 GMT

The dateline is just above the title.

Copyright © 2001-2013 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2013 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use