Microsoft Patches Final Pwn2Own IE Bug

The biggest computer giant & tycoon, Microsoft bagged a handsome amount of fifteen thousand USD on the occasion of annual Pwn2Own hacking contest, using its Internet Explorer tactic on Tuesday. This process was mainly used by a researcher, Stephen Phewer of Harmony Security.  Before Stephens step in killing down IE8 on Windows 7 at Pwn2Own, the company did scrap Internet explorer twice for nullifying the bugs. This made him eligible for the handsome cash prize along with a handsome notebook from SONY.

As far as susceptibility is concerned; Stephen tied three different exploits for surpassing the sand box of Internet explorer synonymous with “Protected Mode”. Squaring the third IE  bug, Microsoft created a multiple-flaw update as a part of its browser, a significant member  of its thirteen bulletin collection. Nevertheless Stephen was praised by Microsoft according to MS11-057 bulletin for perfectly identifying the third phase of exposition; it is declared that it was not the result of any security reluctance. This news is being signified as CVE-2011-1347.

Targeting functionality, Microsoft said that it doesn’t contain any insecure stuff. The main game that Stephen played at Pwn2Own was using the bypass bug & outsmarted the protected mode of the software which gradually permitted him to install a document in the machine, which is equivalent to the imitation of a hacker installing malware. Cyber researcher, Stephen declared that he used MS11-057 amalgamating the last bug for bypassing the sand box of internet explorer. The first two bug comprised of a use-after-free  that was perfectly paired in MS11-018 along with an information leak patching up with  MS11-050.Stephen already made Microsoft aware through Tipping Point’s bug bounty program regarding the activities of patching up MS11-018 and MS11-050, which were the designations of the April and  June bulletins of Microsoft respectively. However according to Aaron Portnoy, manager of Tipping Point security research team, the bugs that were mainly exploited by Stephen was absent in IE9, the recently launched browser of  Microsoft. These were the same words that were heard from Microsoft too. Stephen has been doing research with IE9 and it also turned out to be the first susceptible IE9 being patched as a fraction of MS11-057, with a special reference to a specific & separate bug that was also credited to his name.

Although Stephen is not having any future plans for the competitions, he would like to keep few new bugs ready for him due to some forecasted uncertainty in the computer world. After all he is a researcher & a researcher must keep his weapons handy. MS11-057 for IE, can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services.

Leave a Reply

Your email address will not be published. Required fields are marked *