Microsoft Corp is investigating a report of seven new security holes in its Internet Explorer browser discovered by a Chinese researcher, a company spokesman said on Friday.

The spokesman said Microsoft is not aware of anyone actively exploiting the holes or of any impact on customers.

Two holes are critical and could allow an attacker to run a program that would delete files, crash the machine or take control of it from a remote location, said Russ Cooper of TruSecure Corp. who edits the NTBugTraq e-mail list.

Cooper said, however, he was not yet concerned about the security holes because of the inactivity.
"There just aren't any new attacks being made" on Internet Explorer, he said.

The discovery of the holes was not reported directly to Microsoft but was announced on public mailing lists, a move the Microsoft spokesman criticized.

Software companies prefer that independent researchers notify them of potential holes in their products before they release the news to the public so the companies have time to develop fixes for them.

The Source


"The secret to creativity is knowing how to hide your sources."
-Albert Einstein

Tech Ninja Security