infoTECH Feature

January 04, 2011

Microsoft Reviewing Discovery from Google Engineer on Bug

There is apparent confirmation from a Google (News - Alert) security engineer that Microsoft’s Internet Explorer (IE) has a “vulnerability.”

NetworkWorld reports that Microsoft (News - Alert) is analyzing the bug, and is reviewing the report from Google’s Michael Zalewski. The bug was one of some 100 found by Zalewski using a "fuzzing" tool, according to NetworkWorld.

IE, Firefox, Chrome, Safari and Opera each had vulnerabilities, NetworkWorld added.

NetworkWorld explains that “fuzzing” is “used to locate vulnerabilities and find flaws in code.” By using a fuzzer, researchers can employ a “technique by inputting data into applications or operating system components to see if -- and where -- crashes occur,” NetworkWorld explained.

In addition, Zalewski said the bug, which he describes as an “exploitable vulnerability” is “independently known to third parties in China,” according to his report on the matter.

On Dec. 30, Zalewski received “search queries from an IP address in China, which matched keywords mentioned in one of the indexed cross_fuzz files.”

“Crucially, the person had no apparent knowledge of cross_fuzz itself, poked around the directory for a while, and downloaded all the accessible files; suggesting this not being an agent one of the notified vendors, but also being a security-minded visitor,” Zalewski reported. “It also leads him to believe there was “an independent discovery of the same vulnerability.”

It appears that Microsoft had asked Zalewski to “delay” the “release of fuzzer” “because of 'PR impact,'” based on a statement in his report.

In another Internet Explorer matter, TMCnet reported that Microsoft has two new security patches, which include software updates to prevent attacks on Windows and Internet Explorer. It appears the security patches were not related to the incidents reported by Zalewski, according to NetworkWorld.

In other company news, Firefox surpassed Internet Explorer and was ranked as the top browser in Europe during December 2010, according to data from StatCounter (News - Alert), TMCnet reported.

In December, Firefox had 38.11 percent of the European market share, compared to IE's 37.52 percent, said TMCnet.

Ed Silverstein is a TMCnet contributor. To read more of his articles, please visit his columnist page.

Edited by Jaclyn Allard

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers