Zero-day exploit in Internet Explorer 10 remains unpatched

Posted on Thursday, April 11 2013 @ 11:09 CEST by Thomas De Maesschalck
Microsoft logo
Bit Tech noticed that this month's Patch Tuesday update cycle from Microsoft did not fix a critical security vulnerability in Internet Explorer 10 that was discovered at last month's Pwn2Own competition at the CanSecWest security conference. The bug is a nasty one, it enables hackers to take control of a fully-patched Windows 8 system by loading a specially crafted webpage in Internet Explorer 10. It's unknown when Microsoft plans to fix this bug, but unless the company releases an out-of-cycle patch, the second Tuesday of May is the soonest date we could see a fix.
Microsoft's Internet Explorer 10 running on a fully-patched Windows 8 installation was one of the browsers to fall victim to security researchers at the annual Pwn2Own competition, held at the CanSecWest security conference. Using a previously-undetected flaw in IE10, security firm Vupen was able to take control of the system - and, in doing so, found itself $100,000 in prize money richer.
/
As part of the contest rules, Vupen was required to disclose details of the vulnerability to Microsoft without making it public until the company had a chance to patch the flaw - a distinct departure from the company's usual tactic of selling zero-day exploit details for profit. Accordingly, it was expected that this month's Patch Tuesday update release would include a fix for the flaw - something Microsoft desperately needs to do, given the seriousness of the flaw and the fact that its rivals in the browser market have already patched their own Pwn2Own vulnerabilities.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments