IE10 flaw uncovered by VUPEN during PWN2OWN not addressed in latest update
Microsoft has prepared seven bulletins for Patch Tuesday this month, four ranked critical and another three rated important, covering a handful of flaws.
Three of the vulnerabilities could allow an attacker to execute code remotely on a target machine, while two could let hackers elevate privileges to take control of a system.
“It is puzzling to see such a high rating for this software that typically requires opening of an infected file in order for the attack to work. It will be interesting to see the attack vector for this vulnerability that warrants the ‘critical’ rating,” said Wolfgang Kandek, CTO at Qualys.
The other important updates relate to OneNote, Office 2010 for Mac, and the Windows OS.
Patch updates after PWN2OWN
Microsoft and other software vendors likely to release further patch updates soon, following the PWN2OWN competition that concluded earlier this month, which saw security researchers break the security of a number of applications.
Google and Mozilla have already pushed out patches preventing exploits shown to have breached the Chrome and Firefox browsers at PWN2OWN.
Microsoft’s Internet Explorer 10 browser was broken in the competition, but it is unclear when the tech giant will cover the security hole penetrated by French exploit seller VUPEN. In the past, VUPEN has been reluctant to share details of its research with vendors, choosing to keep them for customers only.
At the time of publication neither Microsoft nor VUPEN had responded to a request for comment.
Are you a security expert? Try our quiz!