Microsoft: "Discovered exploit was already patched in IE6 SP1"

Posted on Tuesday, Feb 17 2004 @ 17:36 CET by Thomas De Maesschalck
Microsoft has responded to the claim from a hacker who had made an exploit for IE5 with the aid of the leaked Windows 2000 source code. Microsoft has investigated the report of the exploit for Internet Explorer and came to the conclusion that this leak was already discovered internally and patched in IE6 SP1.
But in a statement Microsoft said the reported exploit was in fact a known, patched, flaw: "This exploit is a known issue that Microsoft had discovered internally and addressed with the latest release of Internet Explorer 6.0 Service Pack 1."

Security experts are still warning the stolen code could pose dangers, however. European security firm Ubizen warns that the code will increase the ability of hackers to identify vulnerabilities.

"The leak ultimately means that security holes can be more easily identified and exploited," said David Williamson, UK head of Ubizen.

"Without access to code, identifying a security hole is largely the result of guesswork and reverse engineering. Having access to the leaked code will mean that hackers can spot problems with the software more easily."
Source: VNUnet


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments