Microsoft will patch IE zero day - eventually2014-05-23 09:44 by Daniela
Tags: Microsoft, Internet Explorer
Microsoft said Thursday it plans eventually to patch a vulnerability in Internet Explorer 8 that it's known about for seven months, but it didn't say when.
The flaw "allows remote attackers to execute arbitrary code" on vulnerable, older versions of IE such as 8, says the Zero Day Initiative site, which offers rewards for finding flaws in commercial software. It was originally discovered by Peter Van Eeckhoutte, also known as "corelanc0d3r".
The flaw was first disclosed to Microsoft in November last year, and the site usually gives 180 days for a fix to be applied before it is publicly disclosed. By February, Microsoft had confirmed that it had been able to replicate the problem, but had not fixed it.
The company did not give a reason for the long delay but said in a statement that some patches take longer to engineer and that "we must test every one against a huge number of programs, applications and different configurations."
Read more -here-