Microsoft issued an emergency patch for a flaw in the Internet Explorer browser on Friday, but there are hints that the firm may have known about the flaw two months ago (http://www.techweekeurope.co.uk/news/internet-explorer-ie-security-flaw-microsoft-zdi-93765). the notes to Microsoft's patch credit the TippingPoint Zero Day Initiative for finding the flaw, instead of Eric Romang, the researcher at Metasploit who made it public (http://tech.slashdot.org/story/12/09/17/2159210/new-ie-zero-day-being-exploited-in-the-wild). ZDI's listings show its most recent report to Microsoft on 24 J uly, suggesting Microsoft may have known about this one for some time. The possibility raises questions about Microsoft's openness — as well as about the ethics of the zero day exploit market."

http://it.slashdot.org/story/12/09/24/1629224/did-microsoft-know-about-the-ie-zero-day-flaw-in-advance