Wednesday, April 30, 2014

Internet Explorer vulnerability given a high profile

A vulnerability in Internet Explorer announced by Microsoft last week appears to have received a much higher profile reaction compared to other vulnerabilities, with even the UK and US governments getting in on the act to advise people to switch browsers. (Some might say that advice about data privacy is a bit rich coming from them...)

The specific vulnerability is reported to be the exploitability of Adobe Flash Player using a technique baptised "Heap Feng Shui". Reported, that is, apparently not by Microsoft, who have so far disclosed little information other than that they are still investigating the matter.

And this may be one of the reasons for the higher-profile reaction. Since the recent retirement of Windows XP, the world is now coming to terms with the reality of a vulnerability report effectively saying: "There's a serious security risk whose details we are not fully disclosing, which we do not promise to fix on 29% of computers in the wild".

And it's a reality they may need to get used to.

No comments: