Microsoft has opted not to release any patches to its Internet Explorer 8 browser prior to this year's Pwn2Own browser exploit challenge, which is set to run from March 9 to March 11 at the CanSecWest security conference.
There's been no indication as to why Microsoft's not making one last effort to plug security vulnerabilities within Internet Explorer 8. Pundits have suggested that the company might be waiting to see exactly what exploits and security flaws are uncovered by the various contestants in the annual contest, such that the company can more quickly address them post-Pwn.
For the uninitiated, Pwn2Own works like this: Security researchers square off in an attempt to hack through the browser or mobile operating systems of eight different targets. Each Pwn2Own entrant or team has 30 minutes to compromise the browser or phone, and each device or web browser has—at maximum—four individuals or teams competing.
The first group to successfully hack a device or browser wins a cash prize of $15,000 for each, with a special reward of $20,000 going to a group that successfully manages to crack Google's Chrome browser (currently unblemished in all its Pwn2Own appearances).
The software and hardware participants in this year's contest include the "Big Four" web browsers--Microsoft's Internet Explorer 8, Apple's Safari, Mozilla's Firefox, and Google Chrome—as well as four different mobile phones: a Dell Venue Pro, iPhone 4, Blackberry Torch 9800, and an Android-driven Nexus S.
To Microsoft's credit, the company typically issues Internet Explorer updates in even-numbered months. And indeed, the last major patch to the browser hit as part of Microsoft's February 2011 Cumulative Security Update. Updates scheduled for this week's Patch Tuesday included two fixes for Windows itself and one patch for Groove 2007.
Mozilla and Google have already updated their respective browsers this past week. Mozilla fixed ten security flaws in Firefox—eight of which were rated "critical" by the company, which is described by Mozilla as, "The big bada boom." A critical bug allows an attacker to run code and install software as if he or she was sitting in front of a compromised computer itself.
Google fixed up 19 different vulnerabilities in its release of Chrome 9.0.597.107, which included 16 issues with a rating of "High" by Google. Third-party contributors to Google's bug-patching process earned a total of $14,000 for their efforts in unmasking Chrome vulnerabilities, with 13 bugs each earning their submitters a $1,000 award apiece.
There's been no indication as to why Microsoft's not making one last effort to plug security vulnerabilities within Internet Explorer 8. Pundits have suggested that the company might be waiting to see exactly what exploits and security flaws are uncovered by the various contestants in the annual contest, such that the company can more quickly address them post-Pwn.
For the uninitiated, Pwn2Own works like this: Security researchers square off in an attempt to hack through the browser or mobile operating systems of eight different targets. Each Pwn2Own entrant or team has 30 minutes to compromise the browser or phone, and each device or web browser has—at maximum—four individuals or teams competing.
The first group to successfully hack a device or browser wins a cash prize of $15,000 for each, with a special reward of $20,000 going to a group that successfully manages to crack Google's Chrome browser (currently unblemished in all its Pwn2Own appearances).
The software and hardware participants in this year's contest include the "Big Four" web browsers--Microsoft's Internet Explorer 8, Apple's Safari, Mozilla's Firefox, and Google Chrome—as well as four different mobile phones: a Dell Venue Pro, iPhone 4, Blackberry Torch 9800, and an Android-driven Nexus S.
To Microsoft's credit, the company typically issues Internet Explorer updates in even-numbered months. And indeed, the last major patch to the browser hit as part of Microsoft's February 2011 Cumulative Security Update. Updates scheduled for this week's Patch Tuesday included two fixes for Windows itself and one patch for Groove 2007.
Mozilla and Google have already updated their respective browsers this past week. Mozilla fixed ten security flaws in Firefox—eight of which were rated "critical" by the company, which is described by Mozilla as, "The big bada boom." A critical bug allows an attacker to run code and install software as if he or she was sitting in front of a compromised computer itself.
Google fixed up 19 different vulnerabilities in its release of Chrome 9.0.597.107, which included 16 issues with a rating of "High" by Google. Third-party contributors to Google's bug-patching process earned a total of $14,000 for their efforts in unmasking Chrome vulnerabilities, with 13 bugs each earning their submitters a $1,000 award apiece.