Microsoft Knew of IE Zero-Day for Weeks Before Patching

CommanderFrank

Many were wondering how and why Microsoft moved with such an unusual speed in plugging the hole and formulating a fix for the IE Zero-Day flaw last week. The answer is simple: The flaw had been reported much earlier and had not been acted upon.

Microsoft knew of the IE zero-day for more than seven weeks before Eric Romang, the researcher who announced finding an exploit on a hacker-controlled server, disclosed his discovery Sept. 15.
 
I'm not sure how much I'm willing to lay MS out for this one. I understand they knew before this info hit the internet, but just because it happens in small numbers doesn't mean it gets a fix. That's just business. It's all about the bottom dollar and the squeaky wheel. Heck, even Oracle released a really rare, out of bandwidth, update to Java in regards to a zero-day exploit.

After reading the article, maybe some attention needs to be paid to HP's Digital Vaccine IPS system as it seems hackers may be reverse engineering it. That is worse by far I believe.
 
 
I'm not defending the article but they are saying the "anonymous" hacker reported a flaw but this one in particular was identified?
 
If this random, unnamed hacker can be trusted (which I'm sure is totally possible because everyone is 100% honest all the time) then I think Microsoft should have followed Oracle's lead by releasing a bunch of broken updates.
 
If this random, unnamed hacker can be trusted (which I'm sure is totally possible because everyone is 100% honest all the time) then I think Microsoft should have followed Oracle's lead by releasing a bunch of broken updates.

stupid.

Releasing broken updates is far worse than the actual security exploit.
 
Saw the update was downloaded; hid the update. I don't use IE, and I hope no one does.
 
Seven weeks is not a long time for a company as big as Microsoft to patch and fully test a product as complex as IE. Until the fix became widely known, there was no need for urgency.
 
Saw the update was downloaded; hid the update. I don't use IE, and I hope no one does.
It is still on your system. And malicious code could still conceivably access it through any number of vectors.

Not patching IE just because you don't actively use it seems like a misguided act of defiance rather than a rational decision.

If it's on your computer, you should maintain it.
 
It is still on your system. And malicious code could still conceivably access it through any number of vectors.

Not patching IE just because you don't actively use it seems like a misguided act of defiance rather than a rational decision.

If it's on your computer, you should maintain it.

You take all those sensible thoughts that aren't driven by childish emotions over pieces of software and get out of here. There are enough other forums out there that cater to reason.
 
Many were wondering how and why Microsoft moved with such an unusual speed in plugging the hole and formulating a fix for the IE Zero-Day flaw last week. The answer is simple: The flaw had been reported much earlier and had not been acted upon.

Your statement contradicts itself. If they acted more quickly than normal because the flaw had been reported earlier, then it had been acted upon and a patch was in progress. It may not have gotten as high of a priority until it was widely known about, but that's hardly unexpected. Even Microsoft has limited resources and has to prioritize their efforts.
 