Microsoft: No Pwn2Own Bug in IE9

Last Thursday, Microsoft said that Internet Explorer 9 does not contain the blog revealed this week by an Irish researcher at the Pwn2Own hacking contest.

Despite IE9 not being vulnerable to the attacks, up to 99% of Internet Explorer users may be at risk.

At the contest on Wednesday, it was researcher Stephen Fewer from Harmony Security who chained three exploits to hack IE8 receiving $15,000 and a Sony Laptop for his work.

It wasn't long before Microsoft said they had the vulnerabilities under control and had started looking into it.

Jerry Bryant from the Microsoft Security Response Center said "The vulnerability was addressed in the RC [release candidate] and RTM [release to the Web] versions of Internet Explorer 9. This update is already in the pipe for down level-versions of Internet Explorer."

Microsoft anticipate IE9 RTW - the browser's final code - will be available for download at 9 a.m. PT today.

However, because IE9 has less than 1% market share, the vast majority of Internet Explorer users need to wait for a patch to be released to fix the vulnerabilities.

So far, Microsoft have not specified a timetable for releasing the patch, However, if they keep to their standard practice of only updating on even-numbered months, April 12th will be the first opportunity.

print this article

Return to microsoft news headlines
View Microsoft News Archive

Share with: