March Patch Tuesday leaves IE unpatched for Pwn2Own hackers

Enterprise is running with shields down ... Lock phasers on target...

channel

Microsoft – unlike its browser rivals – will not be patching Internet Explorer before the upcoming Pwn2Own hacking contest next week.

A March Patch Tuesday pre-alert, published on Thursday, reveals that Redmond will be issuing three security bulletins next week, one of which affects a critical flaw in Windows and none of which relates to IE. The critical update affects Windows XP, Vista and Windows 7 while the two lesser risk ("important") bulletins cover a separate flaw in Windows and an update for the Office Groove 2007 software.

Net security firm Qualys said it expected the important update would cover a recently discovered MHTML Information Disclosure bug.

Redmond last patched IE in February, while Mozilla and Google each patched Firefox (more info here) and Chrome (here) respectively earlier this week – ahead of the annual fun and games of the Pwn2Own hacking contest.

Four browsers – IE, Firefox, chrome and Apple Safari – are in the firing line in the Pwn2Own contest, which will run from 9 to 11 March as part of the CanSecWest security conference in Vancouver next week. ®

Sponsored: 10 ways wire data helps conquer IT complexity