Security

Microsoft missed critical IE bug

Microsoft Corp. developers overlooked a critical bug in the Internet Explorer browser because of a lack of adequate testing tools and training, a company official acknowledged last month.

The flaw, which Microsoft patched last week with an emergency update, had gone undetected for at least nine years.

Michael Howard, a principal security program manager who has been a proponent of the company's secure code-development process, said that Microsoft programmers had not been taught to look for the type of vulnerability that hit the data-binding function of IE.

Even Microsoft's automated “fuzzer” testing tools, which are dropped into applications to find failures, missed the bug, Howard said in a post on the company's Security Development Lifecycle blog.

Previous ArticleNext Article

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

GET TAHAWULTECH.COM IN YOUR INBOX

The free newsletter covering the top industry headlines