Microsoft confirms newest IE bug went unpatched yesterday
Microsoft today said it's investigating reports of a new unpatched vulnerability in Internet Explorer (IE) that did not get patched in yesterday's massive update.
Other researchers, meanwhile, said that the timing of the attacks, which have already started, was not coincidental.
"The updates Microsoft released yesterday do not address this possible vulnerability," a Microsoft spokesman said today in an e-mail reply to questions, "but I can tell you that Microsoft is investigating these new public claims of a possible vulnerability in Internet Explorer."
Exploit code, which first surfaced in China, is actively seeking out victims, according to security researchers there and in the U.S. Those researchers have found attack code on multiple malicious domains and servers. Elsewhere today, an exploit was posted to the milw0rm.com site, a popular destination for public posting.
Symantec Corp. echoed Microsoft today, confirming that the flaw was not fixed by Tuesday's record-setting update, which included four patches, all judged "critical," for IE.
"The attack works successfully against a fully patched Windows XP SP3 with Internet Explorer 7, including all recent Microsoft Tuesday patches," said Symantec researcher Elia Florio in an entry to the company's vulnerability blog. "Also, Internet Explorer 6 could potentially be affected by the same problem and is therefore only temporarily immune to this initial exploit, which seems to target Internet Explorer 7 on Windows XP and 2003 systems."
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
ie
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.














How can I know if our website is infected?
The technical info is all very vagueIs the problem really in javascript which Microsoft was forced to adopt by a SUN lawsuit!!!?