Latest Patch Tuesday IE10 updates did not fix zero day exploit

[ShyWriter]

.

Latest Patch Tuesday IE10 updates did not fix zero day exploit

John Callaham

As promised, Microsoft issued a number of security updates Tuesday for many of its software products as part of its regular monthly Patch Tuesday event. That included two critical fixes for various versions of Internet Explorer, including IE10 running on Windows 8.

Microsoft said in its full patch notes that the fixes on Tuesday closed Internet Explorer exploits that "could allow remote code execution if a user views a specially crafted webpage using Internet Explorer." Microsoft also added that the fixes were "privately reported".

However, those fixes did not address flaws in IE10 that were discovered over a month ago by the French firm VUPEN Security. The company stated it found two zero-day exploits in IE10 that allowed them to remotely take over a Surface Pro PC during the Pwn2Own Internet hacking competition. (More...)

The rest of the IE10 bad news: http://www.neowin.net/news/latest-patch-tuesday-ie10-updates-did-not-fix-zero-day-exploit

Steve

[daledoc1]

Geez, what's up with THAT?

Mozilla and the Big G plugged their holes within 48 hours of this a month ago!

(I don't use IE for my preferred or default browser, but still....)

[DarkSnakeKobra]

Little clarity could be made here. At first I thought they meant they issued a fix that didn't fix the issue that it was for. Although that wouldn't surprise me either really.

Hmmm, so why wasn't this addressed?