I was very surprised to find that it has been out for less than 24 hours and the first bug has reared it’s ugly head in IE 7.

The bug has been described as an information disclosure vulnerability. While this bug has not been exploited yet I am sure that it will only be a matter of time. Secunia have posted a test as proof of concept on their site to demonstrate the issue. It has also been described by Secunia as "less critical".

What I want to know is why Microsoft doesn’t send their pre-release stuff to outside companies to be tested? They probably test it like mad "in-house" but sometimes as I know myself another pair of eyes sees things that I don’t. The reason as to why probably has something to do with disclosure and worries about their ideas being stolen. I must say though that IE would be well and truly under the microscope at present and if there are bugs they will be found.

Chalk this yet to be patched exploit up to possibly be patched next month. Does not bode well for the Microsoft boys.

This entry was posted on Friday, October 20th, 2006 at 12:12 am and is filed under General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.