Security

Microsoft missed critical IE bug

Microsoft Corp. developers overlooked a critical bug in the Internet Explorer browser because of a lack of adequate testing tools and training, a company official acknowledged last month.

The flaw, which Microsoft patched last week with an emergency update, had gone undetected for at least nine years.

Michael Howard, a principal security program manager who has been a proponent of the company's secure code-development process, said that Microsoft programmers had not been taught to look for the type of vulnerability that hit the data-binding function of IE.

Even Microsoft's automated “fuzzer” testing tools, which are dropped into applications to find failures, missed the bug, Howard said in a post on the company's Security Development Lifecycle blog.

Previous ArticleNext Article

Leave a Reply

Your email address will not be published. Required fields are marked *

x
Huawei Fit Band

Competition

Win a Huawei Fit Band worth over 300AED!

0 426We’re giving away one Huawei Fit Band, a high-tech fitness watch with up to 6 days of battery life that …

GET TAHAWUL TECH IN YOUR INBOX

The free newsletter covering the top industry headlines

Send this to a friend