DHS Warning on Internet Explorer

DHS warns against using Internet Explorer until bug is patched by Mark Hachman.

From the post:

A vulnerability discovered in Internet Explorer over the weekend is serious—serious enough that the Department of Homeland Security is advising users to stop using it until it’s been patched.

On Monday, the United States Computer Emergency Readiness Team (US-CERT), part of the U.S. Department of Homeland Security, weighed in.

“US-CERT is aware of active exploitation of a use-after-free vulnerability in Microsoft Internet Explorer,” it said in a bulletin. “This vulnerability affects IE versions 6 through 11 and could lead to the complete compromise of an affected system.

Two questions that need answering:

First, how long as the NSA know about this vulnerability? Thinking the government should be helping the public and software vendors.

Second, is this really a zero-day bug? I ask because the source of the announcement was Microsoft itself. I thought “zero-day” referred to the advance notice given to the vendor before a bug is publicly identified. Yes?

Comments are closed.