IE9? What!? Us, Worry?
Microsoft (of course) claims that there is no exploitable bug in the FINAL release of IE 9 that was used to allow a successful attack by an Irish researcher this week on an earlier (IE8) version. Uh huh.
Microsoft: No Pwn2Own bug in IE9
“Computerworld – Microsoft on Thursday said its Internet Explorer 9 (IE9) does not contain the bug exploited this week by an Irish researcher at the Pwn2Own hacking contest.
But while IE9 is not vulnerable to attacks using the same Pwn2Own exploit, up to 99% of IE’s users may be at risk.
On Wednesday, researcher Stephen Fewer of Harmony Security chained three exploits to hack the older IE8, receiving $15,000 and a Sony laptop from HP TippingPoint for his work.
Shortly after Pwn2Own organizer Aaron Portnoy announced Fewer’s success, Microsoft said it had the vulnerabilities in hand and had started investigating.
IE9, however, will not need a patch. ‘The vulnerability was addressed in the RC [release candidate] and RTM [release to the Web] versions of Internet Explorer 9,’ said Jerry Bryant, a group manager with the Microsoft Security Response Center, in an e-mail reply to questions. ‘This update is already in the pipe for down level-versions of Internet Explorer.’