Critical Exploits Plague IE11, Microsoft Too Busy with Windows 10 Development to Patch
Four zero-day vulnerabilities have been discovered in Microsoft's Internet Explorer as the company makes plans for launching its upcoming Windows 10 next week, on July 29.
Critical Internet Explorer vulnerabilities:
While you may like it or not, Internet Explorer is still one of the most used browsers in world as it comes pre-loaded on PCs, notebooks, and Windows Phones. Recent years have seen a strong shift to better and more safer browsers, but Internet Explorer still remains the default browser for many. Such a strong user base makes the platform traditionally a favorite place for hackers. The Hewlett-Packard's Zero-Day Initiative (ZDI) has disclosed four new vulnerabilities in the browser that could be potentially exploited to remotely execute malicious code on the target machine. This remote execution of code is possible on your machine even if your browser is fully updated.
These four bugs have been reported to be affecting IE11 on Windows Phones. The tipping point?
HP reported these critical zero-day Internet Explorer bugs to Microsoft some six months back, however, considering how Redmond has stayed busy with the development of Windows 10, it couldn't manage to fix the issue. Microsoft was notified of the first zero-day Internet Explorer bug on November 12, 2014 which was then extended to May 12, 2015 and then again to July 19. However, as no patch came to fix the issue, ZDI went public on July 22. Microsoft reportedly requested HP to give another extension of 6 months grace period before HP makes these vulnerabilities public but HP refused the request. Now published, we expect to see Microsoft responding to this more responsibly and possibly sending some patch our way too.
We're aware of the reports regarding Internet Explorer for Windows Phone. A number of factors would need to come into play, and no attacks have been reported. We continue to monitor the situation and will take appropriate steps to protect our customers. - Microsoft's statement
Microsoft is replacing the aging Internet Explorer with Microsoft Edge browser once Windows 10 is launched. However, Internet Explorer will keep serving the enterprise customers and, of course, the machines not updated to Windows 10.
- For more details, visit ArsTechnica