Microsoft Internet Explorer Zero Day Bug: key events

Here is the timeline of the now-fixed Microsoft Zero Day Bug:


Copyright: bubblenews

April 9, 2014: Microsoft stops supporting Windows XP.

April 26, 2014: Microsoft announces the bug, originally discovered by FireEye.

April 28, 2014: The U.S. government issues an advisory warning people not to use Microsoft’s browser.

April 30, 2014: Microsoft offers an advisory to deal with the zero day bug.

May 02, 2014: Microsoft fixes the bug. It is believed that the CEO of Microsoft was involved in the decision making. This makes the bug extremely high profile and propels the importance of security to another level.

What was the bug about: A zero-day bug or attack takes advantage of a security vulnerability on the same day that the vulnerability becomes publicly known. There are “zero days” between the time the vulnerability is discovered and the first attack. This is one of the biggest zero day bugs ever. According to Microsoft, the bug “may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.” Simply put, if the user is using particular versions of Windows XP and IE (versions 6 to 11), attackers could lure the user to a malicious website and then run any code on the system, possibly taking complete control. The impact was huge, as about a fourth of Windows users use the versions involved.

What it now means to XP and IE users: Most users need to do nothing, as the fix will be downloaded automatically the next time they connect to the internet. But those who have disabled automatic updates need to apply the update manually.

Broader impact: Earlier, Mashable’s Lance Ulanoff called on Microsoft CEO Satya Nadella to reverse course with “One Last Patch” for Windows XP. Such a move would make Nadella “the temporary hero of millions of hapless Windows XP users,” and if presented in the right way, would underscore the security risks associated with remaining on Windows XP, Ulanoff said. By those standards Nadella has rescued 25% of the world! However, this goes to show that a critical security issue can put a major corporation under pressure to work on patches and products which it had decided not to support.

 


Beginner's guide to terms used:
Zero Day Attack

 
