MS kills critical IE 11 bug after exploit was shopped to Hacking Team

Microsoft has killed at least two security bugs linked to the compromised malware developer Hacking Team, including a critical remote-code execution hole that worked against people using the latest version of Internet Explorer on Windows 7 and 8 machines.

The IE vulnerability was discovered in an e-mail a security researcher sent to Hacking Team executives, according to a blog post published Tuesday by researchers from security firm Vectra Networks. In the message, a security researcher offered to sell proof-of-concept attack code exploiting the vulnerability, which was significant because it worked against what is widely regarded as Microsoft's most secure versions of Windows and IE.

"Are you by any chance interested in a PoC (DEP violation) last update to IE11, running on Win7 and Win 8.1?" the researcher wrote, according to the Vectra Networks blog post. "Let me know."

Read 3 remaining paragraphs | Comments