The flaw can be exploited remotely, a security firm says--and there's no patch available.
Microsoft's Internet Explorer browser sports a flaw that hackers could use to launch a remote attack on Windows XP SP2, eEye Digital Security said Thursday.
"The flaw is remotely exploitable," said Mike Puterbaugh, eEye's director of product management.
Although eEye has notified Microsoft of the bug -- and Microsoft has confirmed receipt of the report -- no patch is available. According to eEye, that's not unusual: on average, Microsoft has taken 132 days to patch holes that the Aliso Viejo, Calif.-based security vendor has reported since February 2004.
eEye takes the unique step of logging its reports to Microsoft, then showing the number of days since the vulnerability was confirmed by the Redmond company. After 60 days, it considers a patch "overdue."
Internet Explorer, says eEye, has at least five other critical, but unpatched, vulnerabilities, including ones reported 15, 46, 129, 134, and 171 days ago.
Microsoft has been patching IE regularly, but is having trouble keeping up with the browser's vulnerabilities. In August, it fixed three bugs in the browser, and since the first of the year, has patched IE five out of nine months.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
2018 State of the CloudCloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.