Microsoft Patches IE for 14 Vulnerabilities ahead of Pwn2Own 2013
Page 1 of 1
Once again, Microsoft is dealing with vulnerabilities in its Internet Explorer (IE) browser this month. Fourteen different vulnerabilities in IE, spread across two separate bulletins are being fixed.
"It’s just so messed up that it couldn’t be fixed in one bulletin," said Marc Maiffret, CTO of BeyondTrust.
The MS13-009 bulletin is the first of the two critical IE bulletins addressing 13 vulnerabilities affecting IE 6,7,8,9 and 10. Twelve of those vulnerabilities are Use-After-Free memory issues.
As to why Microsoft is patching so many IE vulnerabilities now, it is likely related to the upcoming Pwn2own competition.
"On IE, I know that Microsoft has been working hard on getting things addressed as quickly as possible and they have sped testing in the last year and streamlined their deployments," Wolfgang Kandek, CTO of Qualys, told eSecurity Planet. "It is also the last opportunity to IE patched before the CanSecWest competition start of March."
CanSecWest is the home of the Pwn2own browser hacking event. The 2013 event will reward the first researcher to hack IE 10 running on Windows 8 with $100,000 in cash.