Microsoft rushes to fix IE kill-bit bypass attack

27.07.2009

One of the researchers presenting at Black Hat, Ryan Smith, reported this flaw to Microsoft more than a year ago and this flaw will be discussed during the Black Hat talk, sources confirmed Monday.

A Microsoft spokesman declined to say how many ActiveX controls are secured via the kill-bit mechanism explaining that the company "doesn't have additional information to share about this issue," until the patches are released. But Schutze said that there are enough that the Tuesday patch should be applied as soon as possible. "If you don't apply this, it's like you've uninstalled 30 earlier patches," he said.

Smith declined to comment for this story, saying he was not allowed to discuss the matter ahead of his Black Hat talk. The other two researchers involved in the presentation work for IBM. And while IBM declined to make them available for comment Monday, company spokeswoman Jennifer Knecht confirmed that the Wednesday Black Hat talk is related to Microsoft's Tuesday patches.