EnterpriseSecurity
SecurityProNews
ITmanagement







Google Declares Major Security Issues With Internet Explorer

By Jen Williams
Expert Author
Article Date: 2011-01-28

Michal Zalewski is a researcher and engineer at Google who's recent focus has been on "fuzzing," or checking browsers and sites for potential security holes.

He's done this largely through the development of a fuzzing program known as cross_fuzz. When he developed this program, intended for eventual public release, Zalewski began checking through the current browsers to see if there were any security gaps that needed to be addressed.

He found one, it seems, in Microsoft's Internet Explorer. This security issue involves CSS, one of the core coding language of web design. When memory is reserved for CSS actions, it can cause a crash that could be exploited by a malicious third party who was aware of the vulnerability.

That's why there's such an issue with the fact that Zalewski released the information on the security hole to the public; if it's better known, it's more likely that people will try to take advantage of it. But this isn't news to Microsoft, says Zelwski, who claims that he warned them about the issue in July of 2010.

Microsoft does acknowledge that they were sent a copy of cross_fuzz and a warning from Zalewski, but state that they were unable to replicate any of the errors that the Googler claimed were present. They were able to see the specifics of the error only with the latest update of cross_fuzz, they state, and warned users of the issue immediately upon confirmation.

Of course, confirmation internally for Microsoft happened at about the same time that Zalewski publicly announced the problem. Zalewski claims he only did so because outside sources had also discovered, and would soon be exploiting, those issues. In any case, the cross_fuzz tool was released to the public on January 1st of 2011, so whether or not it actually was discovered by outside sources prior to that, it's likely that it would have been found by now.

Comments
About the Author:
Jen Williams is a guest author for Pronet Advertising.

Newsletter Archive | Submit Article | Advertising Information | About Us | Contact

EnterpriseSecurityNews is an iEntry, Inc.® publication © All Rights Reserved Privacy Policy and Legal