http://www.computerworld.com/s/article/9135370/Microsoft_admits_it_knew_of_critical_IE_bug_in_early_08?source=CTWNLE_nlt_dailyam_2009-07-10
You know this type of stuff really burns me up, they knew since early 08 of this flaw, and did nothing about it, to fix it and get a patch out. No they gotta wait till hackers start exploiting this on a mass scale, and then they start paying attention. Scary part is how many other exploits do they know about that could have system-compromise type payloads, and haven't done anything about it. Again another PR nightmare and another black-eye for M$ because of there lack of due-diligence, has put customers at risk. Now note the fix is supposed to be coming out Tuesday for the various reported flaws ( including the last 2 IE ones) but it's a little too late when the bad guys already have plowed through thousands of computers and websites, with there exploits, and now those machines are apart of botnets, that are probably behind the spamming, and DDOS/DOS of GOVT sites, which has been posted on ISC from SANS. Any thoughts folks? Tell yeah TAM's Z Edward Ziots Network Engineer Lifespan Organization MCSE,MCSA,MCP+I, ME, CCA, Security +, Network + [email protected] Phone:401-639-3505 ________________________________________ From: Eric Wittersheim [mailto:[email protected]] Sent: Thursday, July 09, 2009 6:35 PM To: NT System Admin Issues Subject: Re: Trend Micro and IE zero day exploit hmm, makes me wonder if OpenDNS is offering something like this. I think I'll take a look. On Thu, Jul 9, 2009 at 5:07 PM, Devin Meade <[email protected]> wrote: FYI - If you have Trend Micro Office Scan and are using the web reputation feature, you are covered: http://us.trendmicro.com/us/threats/microsoft-mpeg-vulnerability/index.html "Trend Micro products with Web Reputation technology currently block malicious URLs associated with this exploit." -- Devin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
