Microsoft Issues IE Security Alert

Hello,
Shouldn't it read it does not affect IE 6 or earlier? It only involves ...
Otherwise, there's a contradiction ...
Cheers,
Mrk

 

http://www.microsoft.com/technet/security/advisory/943521.mspx

Related Software

Windows XP Service Pack 2 with Internet Explorer 7
Windows XP Professional x64 Edition with Internet Explorer 7
Windows XP Professional x64 Edition Service Pack 2 with Internet Explorer 7
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 with Internet Explorer 7
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 with Internet Explorer 7
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems with Internet Explorer 7

 

It strikes me very odd with all these security issues related to IE. I have forever and a day been using IE 6 since after 5.5 on 98SE, and i yet to find any real serious threat or anything else in it that would force my hand to jump to FF or Opera, although on occasion i do use Opera, but certainly not for security reasons. Yeah, on 98SE it was easy to slip malicious whatevers thru the browser and even on XP the same can be said although security programs have all but nullified any real serious intrusions from that channel anymore.

And now IE 7 is reported to suffer from a security issue. Maybe thats why i tend to hold way way back on upgrades to new versions of anything $M, because sooner or later another then another issue is announced which in turn makes for going after yet another in a long series of patches.

I just don't get it about $M and all these constant issues which they say require immediate attention.

 

Hello Easter,

I also haven't ever encountered an IE exploit unless going directly for testing to a known site with the vulnerability.

I wonder if MS is just covering themselves by issuing these advisories in advance of an exploit in the wild. Then if/when exploits appear, they can say, "We warned you."

-rich

 

Hi Rmus

Yeah i know, but what for the life of me i simply don't understand about them is why they don't just separate IE from the rest of the system in some form that won't lead to all these marathon exploits being tested at it then released or sold or whatever exploiters do for fun & profit.

Instead, $M seems quite content with just chasing after the monkey all the time but never really getting it off our backs.

 

IE's integration with the OS has always been a contentious issue. In Win95 days people were always looking for hacks to safely remove IE.

As with pre-loading media players and other stuff, it makes the user part of a captive audience.

Now, it's pretty easy to use alternative software if you know about it.

As far as alternative browsers -- lest one thinks that lets you avoid security alerts: Firefox, for example, has released 28 security advisories so far this year:

http://www.mozilla.org/projects/security/known-vulnerabilities.html

A quick check of monthly Microsoft monthly advisories this year reveals 5 advisories for Internet Explorer: one each in Feb, May, June, Aug, October. This out-of-pocket security alert makes 6 for this year.

Microsoft's flaws get more media attention, of course, because it's fashionable to bash Microsoft.

-rich

 

He,he that's a good one and very well could be.

 

If I´m correct this is not a serious issue if you´re using a HIPS which controls parent-child process launching.