Microsoft recently patched a total of 14 vulnerabilities in Internet Explorer as it prepares the browser for its time as a target at next month’s annual Pwn2Own hacking contest. Microsoft recently patched 57 vulnerabilities, including 14 affecting Internet Explorer, that were delivered in two separate security updates.
One of those updates, MS13-009, corrected 13 flaws, a dozen of which were “critical”, the most serious threat rating the company has. The second update, MS13-010, patched a single vulnerability, also determined as critical. Internet Explorer 9 and Internet Explorer 10 will face Pwn2Own hackers on March 6 at the CanSecWest security conference in Vancouver.
The first researchers to successfully demonstrate an exploit of one or more previously-unknown vulnerabilities in Internet Explorer 9 on Windows 7 will take away a $75,000 cash prize. The first person to take down Internet Explorer 10, the newest browser in the series, running Windows 8 will receive $100,000.
A total of 11 out of the 13 vulnerabilities patched in MS13-009 were rated critical for Internet Explorer 9 on Windows 7 while four of them were tagged the same for Internet Explorer 10 on Windows 8. The one exploit in MS13-010 was labeled critical for both browsers.
According to Microsoft, the vulnerabilities could be exploited by a hacker to gain control of a Windows PC. If they had gone unpatched, researchers would have been able to use them at Pwn2Own. Director of Security Operations at nCircle Security Andrew Storms noted the large number of Internet Explorer vulnerabilities patched, which was the most in the past six years. According to Storms, “It’s a big clearing of the backlog.”
If past practices hold true, other major internet browsers will also update their applications before Pwn2Own. Mozilla is planning on shipping Firefox 19 on February 19 and, although it doesn’t adhere to a regular update schedule for Chrome, Google will probably patch before the contest as well.
Pwn2Own will award prizes of $100,000 to the first researcher to crack Chrome on Windows 7 and $60,000 to the first to hack Firefox on that same operating system.
Source: Computer World – Microsoft Patches IE with record-setting updates to prep browser for Pwn2Own