A pair of newly discovered security flaws in Microsoft’s Internet Explorer and Outlook programs could put millions of users at risk of code execution attacks, a private research outfit warned Thursday.
This is par for the course – we expect there to be serious security flaws in Microsoft products.
Marc Maiffret, chief hacking officer at eEye, said the flaws were rated “high-severity” because malicious hackers could run a successful exploit from anywhere on the Internet.
“These are client-side vulnerabilities that could allow attacks via a Web browser or the Outlook client. The risk of a zero-day attack is quite high,” Maiffret said in an interview with eWEEK.com.
He said Microsoft was alerted to the first vulnerability March 16.
March 16th? That’s 16 days ago? Must be a biggie!
A spokeswoman for the software giant confirmed that engineers at the Microsoft Security Research Center were investigating the eEye discoveries.
“At this time, Microsoft is not aware of any malicious attacks attempting to exploit the reported vulnerabilities, and there is no customer impact based on this issue,” she said.
Once the investigation is done, she said Microsoft would “take the appropriate action” to protect affected users.
They are investigating? What? 16 days and no patch?
Microsoft is in serious trouble. To properly secure their OS, they need to re-write it from the ground up. But they cannot take the time to do that, as there are other OSes breathing down their neck. If they took a year off, and rewrote Windows they would be two years behind (they are already at least a year behind Apple and the FOSS community). So they are stuck – keep developing Longhorn – keep slashing features from it and trying to shore up the issues that they already see coming, or drop it, and re-write the whole shebang. They have already basically lost the war in the web server market – Apache rules there with an iron fist. They are taking heat on the browser side, with Firefox and Opera starting to make serious inroads. Open Office is sniffing around at their flanks. Things are starting to look grim for the Faithful in Redmond.
But, perhaps this is not as it looks at first. Taking into account that Bill said he was going to give his money away, perhaps this is just a plot. If Microsoft were to fail, he could walk away with a hefty sum of money and claim that he kept his word!
Conspiracy theories aside, the technical challenges faced by Microsoft are immense. The choices that they are faced with are really tough – keep the old, or develop the new? My guess is that they stay the course.