back to article Four phone hijack bugs revealed in Internet Explorer after Microsoft misses patch deadline

Microsoft has run out of time to fix four critical security vulnerabilities in the mobile edition of Internet Explorer – prompting HP's Zero Day Initiative (ZDI) to disclose their existence without revealing any damaging details. All four of the flaws present a remote code execution (i.e. malicious code injection on a Windows …

  1. This post has been deleted by its author

    1. Lee D Silver badge

      Re: “There is not much you can do at the moment, except refrain from using Internet Explorer.”

      September is going to be interesting.

      Working in schools, it's the busiest time of year setting everyone up and dealing with the newbies.

      Additionally, Chrome and Firefox are ditching old plugins and barely any content providers have taken any heed of their (years of) warnings. They will no doubt recommend that we "just use Internet Explorer".

      Banks, however, are quite content with us being on Internet Explorer where junk like this happens every week and, yet, won't make their stuff work on other web browsers except through plugins and junk.

      September is going to be fabulous. "Why doesn't this work? It worked last year!" "Chrome switched that feature off" "So, let's use Firefox" "So did Firefox". "So let's go to IE" "The browser we stopped using as it was insecure and causing no end of problems? And the one that's being retired soon in favour of the new Edge browser?".

  2. Wolfclaw

    120 days is more than enough time, companies should be forced to cover costs of an intrusions, they'll soon get their acts together when it hits their profits !

    1. Alan Parsons


      ..they don't have any profits

    2. Roo

      The problem with setting a hard and fast limit is that you really have no idea what kind of resources the vendor has to spare to apply to the problem - and they well be in a situation where throwing more resources at the problem won't help them beat the deadline.

      On the other hand leaving it 120 days before even notifying the public that there are remote exploits in widely used software seems pretty irresponsible to me.

    3. Anonymous Coward
      Anonymous Coward

      Sure, HP is well known for updating and fixing ASAP their server management tools...

    4. Shannon Jacobs

      I agree with you that 120 days is enough time if the companies cared, but since there is NO meaningful liability for any degree of negligence or incompetence (check your EULA), why should they care? EVER. My own belief is that if Microsoft were held to account merely for the direct damages from their failures, they would probably be bankrupt, and if they were accountable for punitive damages for gross failures, then they would surely be gone.

      Having said that, I'm not sure a rigid 120 days is the best time limit. I think the time limit should reflect the complexity of the bug in relation to the likelihood of someone else discovering it. What they are doing now is almost like giving out hints, and the main meaning of the 120-day limit is that it indicates the bug is hard to fix. Or possibly that the owner of the bug has evaluated it and decided that it isn't a real threat or that the exploits would be too difficult to implement?

      1. JCitizen

        @ Shannen

        Well I guess we don't have to buy Microsoft phones then!

  3. Florida1920

    Works for me!

    “There is not much you can do at the moment, except refrain from using Internet Explorer.”

  4. Bottle_Cap


    Win win it is then!

  5. Hans 1

    I know this is for windows mobile, but there sure will be a zero day in Edge before santa comes round this year, with code in the wild... remember, Adobe helped them out. ROFLMAO

    120 days seems reasonable to me.

    Windows Mobile^H^H^H^H^H^HPhone^H^H^H^H^HMobile is dead anyway, why bother ?

  6. L05ER


    maybe i can finally get a jailbreak out of this...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like