Microsoft's "monkeys" find first zero-day exploit
Microsoft ‘s experimental Honeymonkey project has found almost 750 Web pages that attempt to load malicious code onto visitors’ computers and detected an attack using a vulnerability that had not been publicly disclosed, the software giant said in a paper released this month.
So reports Rob Lemos, in “Microsoft’s “monkeys” find first zero-day exploit.” We’ve always known that there’s lots of exploit code for unannounced vulnerabilities out there. Perhaps this will help us quantify that.
[Update: The vulnerability had been announced, but no patch was available. Pete Lindstrom has links in “Thank God for Honey Monkeys.” As to Pete’s question about how I know that there’s lots of exploit code, it’s easy. I’ve worked for organizations that took security seriously enough to detect and analyze new attacks. We regularly saw people exploiting unannounced flaws in our systems.]