The Black Hatters have done it again. Research presented at the annual security conference has exposed a critical zero-day flaw in Microsoft’s Internet Explorer browser.
Microsoft took the research to heart, and is now warning its users to take steps to protect themselves. eSecurity Planet takes a look at the extent and severity of the flaw, and hears Microsoft’s response.
Microsoft is warning users to protect themselves from a zero-day bug in Internet Explorer (IE) after it was disclosed Wednesday at the Black Hat hacking and security conference.
The announcement came just a day before Microsoft (NASDAQ: MSFT) provides advance notice regarding what bugs will be fixed on next week’s Patch Tuesday.
Although Microsoft didn’t initially mention the Black Hat D.C. security conference taking place outside of Washington as the source of the bug’s unveiling, a company spokesperson confirmed that its Security Advisory was a response to Core Security‘s presentation at the event. During the presentation, researcher Jorge Luis Alvarez Medina discussed security holes in IE that could impact users of older Windows operating systems.
“Microsoft is aware of the presentation at Black Hat … which describes proof-of-concept code on an information disclosure vulnerability in Internet Explorer,” a Microsoft spokesperson told InternetNews.com in an e-mail. “This affects customers running Windows XP or who have disabled Internet Explorer Protected Mode.”