The Windows Vista Zero-Day Exploit Is For Sale: $50K

An online criminal has offered to sell software that exploits an unpatched bug in Microsoft Corp.’s Windows Vista operating system, according to security vendor Trend Micro Inc. The code was offered for sale in an underground hacker discussion forum last month, said Raimund Genes, Trend Micro’s chief technology officer. The asking price? US$50,000.

If the offer is legitimate, it would be the first serious bug reported in Vista since it was released to business customers at the end of November. The consumer version of Vista is set to ship next month. Microsoft is investigating Trend’s claims but has “not been contacted directly by any parties about this vulnerability report, nor are we directly involved in the forums in which vulnerabilities are reportedly traded,” the company said in a statement.

If someone did pay for the code — called a “zero-day” exploit — it was purchased at a premium price. According to Genes, a similar exploit for Internet Explorer would command about $5,000. “This was way more,” he said. “Maybe the person said, ‘This is the first working exploit on Vista, so I can charge a premium.’”
