It seems that this issue was originally disclosed here: http://seclists.org/fulldisclosure/2015/Feb/0. Eventually a CVE was assigned: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0072 and then MSFT released a patch: https://technet.microsoft.com/en-us/library/security/ms15-018.aspx. But, according to https://blog.innerht.ml/ie-uxss/ (and local testing) it remains unpatched for Windows 8.1 on IE 11.

Does anyone have any insight into what happened? I haven't seen any follow-up to the issue as to why the patch didn't work (did it ever work and there was a regression, or was the patch always broken)? And, more importantly, has there been any follow-up from MSFT? It would seem that Windows 8.1/IE 11 are still eligible for security updates, so I'm scratching my head on the lack of communication/patches here.
Thanks!

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/