Hot on HuffPost Tech:

See More Stories
Engadget for the iPhone: download the app now
AOL Tech

Microsoft leaving two vulnerabilties in Internet Explorer 8 unpatched

IE8 logoOn the upcoming Patch Tuesday, Microsoft will not be issuing a fix for a critical IE8 vulnerability discovered in December. If that wasn't bad enough, a vulnerability in Internet Explorer 8 discovered by a Google security researcher will also go unaddressed.

The second bug was only discovered yesterday, so perhaps Microsoft simply hasn't had a chance to work out a fix yet -- but the first flaw has already been exploited, and seen in the wild! Microsoft even admits it has seen targeted attacks, yet no fix is forthcoming.

The Google security researcher, incidentally, is concerned that third parties in China might also know about his recently-discovered vulnerability. In a beautiful twist of irony, one of his fellow researchers uploaded some data that revealed the exploit -- and moments later, the GoogleBot indexed the data, allowing two IP addresses in China to simply search for it.

Tags: browsers, cross_fuzz, google, patch tuesday, PatchTuesday, security, vulnerability

Comments

1