Less than a week after Microsoft patched the Internet Explorer vulnerabilities responsible for the China-based attacks on Google and over two dozen other tech companies, more flaws have cropped up. Core Security Technologies has discovered a set of holes, which aren't very serious on their own, but can be exploited together to take control of a system remotely.
"There are three or four ways to conduct this type of attack," said Jorge Luis Alvarez Medina, a security consultant for the firm, and hackers could string together four or five minor vulnerabilities in IE to compromise a system. Alvarez Medina notes that he wasn't sure whether the exploit has been used in the wild.
Core Security Technologies is reportedly working with Microsoft to remedy the flaws, and Redmond told Ars that it is "investigating a responsibly disclosed vulnerability in Internet Explorer," and it is "currently unaware of any attacks trying to use the vulnerability or of customer impact, and believe consumers are at a reduced risk due to responsible disclosure."
There's no word on when to expect a patch – let's hope it's not five months away this time.