Date: 08/22/05 (IT Professionals)
Keywords: software, security, microsoft

French information security company that sells early exploit warning services has released a zero-day exploit that attacks all versions of Microsoft Internet Explorer.

» Releasing zero-day exploits to sell a product
George Ou
ZDNet.com

As companies are still picking up the pieces from the Zotob worm and its malicious siblings, a French information security company that sells early exploit warning services has released a zero-day exploit that attacks all versions of Microsoft Internet Explorer. The same company also released exploit code for the Windows PNP (Plug and Play) vulnerability less than 24 hours after Microsoft released a fix which led to the birth of the Zotob worm 5 days later. Many companies running Windows 2000 were not prepared to patch their systems on such short notice and they were hit the hardest. The release of this new exploit is even more alarming since it affects all instances of Internet Explorer and Microsoft has not had a chance to release a patch for this exploit.

Last month when Cisco sued Michael Lynn for simply talking about a Cisco vulnerability that was supposedly already patched by Cisco, I defended Lynn because Cisco had plenty of fair warning and Lynn wasn't releasing any actual exploit code. This case is the exact opposite because a company is releasing the actual exploit code without giving the software maker any time to issue a fix and they're doing it in a way to benefit their own business which borders on a "protection" racket. Since the company is located in France, legal challenges are a bit tricky. It's mind boggling that this sort of thing is even allowed in a civilized world governed by the rule of law.

valis (since some of you didn't think i was very helpful last time ;) )

Source: http://www.livejournal.com/community/itprofessionals/19168.html