Random Entry: The Google Interviews
< Stupidity always threatens Litigation | McAfee VirusScan Enterprise User Interface Protection Bypass Flaw >

IE sploit threat growing

It seems out generic timeline for Microsoft 0days goes along the lines of:

Flaw is found.
Microsoft says it isn't being widely exploited and "safe browsing habits" will save you¹.
The threat grows in the wild on porn and pirate sites.
Microsoft re-iterates the minimal exploitation.
The threat continues to grow on 'safe' sites.

The point here is that a threat is going to continue to grow as long as there isn't effective mitigation, like a patch. When Microsoft says there is only minimal exploitation is exactly the time they should be rushing out a fix. Even if the threat is growing slowly, this is not an indication by itself that it won't be used in an attack on a multiple site advertiser or the like. This isn't even taking into account all the fun you can have with a targeted attack; we are still dealing with preventing mass exploitation.

As an aside: IE 0day "in the wild" threat growth:

¹They also tell you to turn the affected component off. But this never really helps given that most browsing becomes useless.

Monday, March 27. 2006
Posted by Dominic White in Security
Comments (0) | Trackbacks (0)

Last modified on 2006-03-27 17:35

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

No comments

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry