Microsoft fixed the IE11 0-day vulnerability exposed by Hacking Team email
Three Flash 0-day and one IE 11 0-day are exposed in the Hacking Team file of 400 GB. Microsoft released a patch in July 14 to fix this high-risk vulnerability that allows remote code execution. Adobe also released an update on the same day to fix two Flash 0days, and the other has been fixed last week.
The vulnerability in IE 11 was not discovered by the Hacking Team, but was disclosed by an external security researcher in an email sent to the Hacking Team executive. The researcher asked the Hacking Team if they were interested in purchasing the ticket. The Hacking Team refused the offer.
However, the information exchanged in the email allows Vectra Networks researchers to discover and analyze this vulnerability. Vectra Networks notified Microsoft in, and Microsoft fixed the vulnerability in routine updates in.