Monday, June 29, 2015

HP releases unpatched IE exploit code

Although Microsoft paid a huge amount of $125,000 for finding Address Space Layout Randomisation (ASLR) vulnerability in Internet Explorer 11 to HP's Zero Day Initiative. Company still not eager to release the security patch to address the flaw. After Microsoft refusal, HP has decided to publish Proof-of-Concept code that could be used to exploit the vulnerability. According to HP, they are concerned about users and wanted to inform about the issue and then it's users call whatever they feel appropriate, where as, Microsoft believes that flaw does not affect the default configuration of IE, so there is no need to apply any fix for it. <more>

No comments: