Security

Microsoft missed critical IE bug

Microsoft Corp. developers overlooked a critical bug in the Internet Explorer browser because of a lack of adequate testing tools and training, a company official acknowledged last month.

The flaw, which Microsoft patched last week with an emergency update, had gone undetected for at least nine years.

Michael Howard, a principal security program manager who has been a proponent of the company's secure code-development process, said that Microsoft programmers had not been taught to look for the type of vulnerability that hit the data-binding function of IE.

Even Microsoft's automated “fuzzer” testing tools, which are dropped into applications to find failures, missed the bug, Howard said in a post on the company's Security Development Lifecycle blog.

Previous ArticleNext Article

Leave a Reply

GET TAHAWUL TECH IN YOUR INBOX

The free newsletter covering the top industry headlines

Send this to a friend