The IE exploit that allowed the Google hack? MS knew about it IN SEPTEMBER

[thewayne]

From TFA: Microsoft confirmed it learned of the so-called “zero-day” flaw months ago.

According to Microsoft, “An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Linux and Mac have forced you to use Sudo to access low-level stuff for quite a while now, most Windows home users, prior to Vista, have been running as local admin, and were very vulnerable to this. Vista and Win7 made a lot of improvements in this area, but there are still far too many compromises possible.

http://www.wired.com/threatlevel/2010/01/microsoft-zero-day-flaw


In other news, Microsoft released a patch for this particular exploit.

http://www.pcmag.com/article2/0,2817,2358284,00.asp

http://tech.slashdot.org/story/10/01/21/2135226/Microsoft-Patches-Google-Hack-Flaw-In-IE?art_pos=17

Comments

[silveradept]

True. Although it seems like the Linux community is reasonably good at making their OS work with the infinite possibilities of hardware, but then they're not as concerned with proprietary information getting out. If OSX were as popular and had as many things written for it as Windows does, then maybe they'd have the same sort of problems. Maybe Intel Macs have some of those?