The Sydney Morning Herald said Butler tried reporting in June what he found to Microsoft, but sent his report to the wrong email address.
"The glitch affects the way browser software attempts to automatically configure proxy settings and means millions of PCs around the world are attempting to download configuration information from the Internet instead of their ISP," the report said.
Simply by owning the right domain, an attacker could easily watch as thousands of computers stopped by to pick up malicious configuration information. Butler's experiment in researching the problem could have allowed him to attack over 160,000 PCs in New Zealand.
Butler described Microsoft's renewed, keen interest in fixing this flaw as "freaky outty." Worse for Microsoft, the problem exists in Vista, which they have touted as their most secure operating system.
Internet Explorer Unsafe For Most of 2006Microsoft Release Cumulative Security Patch For Internet ExplorerMicrosoft Releases Another Patch For Internet ExplorerEssential Internet Business SoftwareMicrosoft Set To Launch Improved Mobile Web Browsing Microsoft Embraces Standards For IE8Internet Explorer 7 Released By Yahoo?New Bugs Found In Microsoft Outlook, Internet ExplorerOfficial Google Response: Microsoft's Bid On Yahoo! "Hostile"Google Rekindling the Microsoft Fire
Comments
Post new comment