QUOTE
Microsoft to repair Internet Explorer fault discovered at hacking contest
Patch Tuesday will deal with exploit demoed at Pwn2Own competition
By Tim Greene, Network World
June 08, 2012 10:52 AM ET
Next week's Patch Tuesday will feature a fix for a vulnerability in Internet Explorer that came to light at the celebrated Pwn2Own hacking competition held earlier this year at CanSecWest.
It's one of the most important of the seven patches Microsoft will issue -- two others are also labeled critical -- and it is probably the best known, given that it was publicly demonstrated at the contest in March.
...
A team of researchers from Vupen Security discovered the IE exploit, and HP/Tipping Point, which ran Pwn2Own on behalf with the Zero Day initiative, turned it over to Microsoft. That was toward the end of March and Microsoft has been preparing and testing the patch in the meantime, says Wolfgang Kandek, the CTO of Qualys, who is familiar with the process.
Specifics about the upcoming patches are sparse, which has become the norm since earlier this year when one of the vulnerabilities to be patched was leaked before Patch Tuesday, exposing machines to attack, says Marcus Carey, security researcher at vulnerability-management firm Rapid7.
But Kandek describes the critical patches as one to repair a Windows flaw and therefore a broadly distributed weakness, and one to fix the .NET framework which also applies to all versions of Windows. The third is the IE vulnerability.
Vulnerabilities in .NET are usually linked to malware on websites, says Marcus Carey, security researcher at Rapid7. "In the past, these types of vulnerabilities exploit systems if a user views a specially crafted web page using a web browser," Carey says.
Detailed information about at: http://www.networkwo...02.html?hpg1=bn
Patch Tuesday will deal with exploit demoed at Pwn2Own competition
By Tim Greene, Network World
June 08, 2012 10:52 AM ET
Next week's Patch Tuesday will feature a fix for a vulnerability in Internet Explorer that came to light at the celebrated Pwn2Own hacking competition held earlier this year at CanSecWest.
It's one of the most important of the seven patches Microsoft will issue -- two others are also labeled critical -- and it is probably the best known, given that it was publicly demonstrated at the contest in March.
...
A team of researchers from Vupen Security discovered the IE exploit, and HP/Tipping Point, which ran Pwn2Own on behalf with the Zero Day initiative, turned it over to Microsoft. That was toward the end of March and Microsoft has been preparing and testing the patch in the meantime, says Wolfgang Kandek, the CTO of Qualys, who is familiar with the process.
Specifics about the upcoming patches are sparse, which has become the norm since earlier this year when one of the vulnerabilities to be patched was leaked before Patch Tuesday, exposing machines to attack, says Marcus Carey, security researcher at vulnerability-management firm Rapid7.
But Kandek describes the critical patches as one to repair a Windows flaw and therefore a broadly distributed weakness, and one to fix the .NET framework which also applies to all versions of Windows. The third is the IE vulnerability.
Vulnerabilities in .NET are usually linked to malware on websites, says Marcus Carey, security researcher at Rapid7. "In the past, these types of vulnerabilities exploit systems if a user views a specially crafted web page using a web browser," Carey says.
Detailed information about at: http://www.networkwo...02.html?hpg1=bn
