
A security firm claims to have found a way to bypass Microsoft's "Fix It" patch for Internet Explorer 6, 7 and 8, which would let hackers use the exploit that the patch closes.



From Neowin:
Exodus Intelligence's blog site claims that it took less than a day of work to find issues with the patch. It added, "... we were able to bypass the fix and compromise a fully-patched system with a variation of the exploit we developed earlier this week." The company says it plans to release its findings to Microsoft.

The "day zero" problem with IE6-8 was first discovered when hackers attacked the website of the Council on Foreign Relations last week and caused that site to host malicious content. The content was released as a heap spray attack conducted via Adobe Flash. As we have previously noted, this browser issue does not affect IE9 or IE10.
  Security firm: We have bypassed Microsoft's IE6-8 "Fix it" patch