Microsoft Issues IE Security Alert

Discussion in 'other security issues & news' started by ronjor, Oct 11, 2007.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    Story
     
  2. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    Shouldn't it read it does not affect IE 6 or earlier? It only involves ...
    Otherwise, there's a contradiction ...
    Cheers,
    Mrk
     
  3. DevilFrank

    DevilFrank Registered Member

    Joined:
    Jul 20, 2003
    Posts:
    108
    http://www.microsoft.com/technet/security/advisory/943521.mspx

    Related Software

    Windows XP Service Pack 2 with Internet Explorer 7
    Windows XP Professional x64 Edition with Internet Explorer 7
    Windows XP Professional x64 Edition Service Pack 2 with Internet Explorer 7
    Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 with Internet Explorer 7
    Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 with Internet Explorer 7
    Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems with Internet Explorer 7
     
  4. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    It strikes me very odd with all these security issues related to IE. I have forever and a day been using IE 6 since after 5.5 on 98SE, and i yet to find any real serious threat or anything else in it that would force my hand to jump to FF or Opera, although on occasion i do use Opera, but certainly not for security reasons. Yeah, on 98SE it was easy to slip malicious whatevers thru the browser and even on XP the same can be said although security programs have all but nullified any real serious intrusions from that channel anymore.

    And now IE 7 is reported to suffer from a security issue. Maybe thats why i tend to hold way way back on upgrades to new versions of anything $M, because sooner or later another then another issue is announced which in turn makes for going after yet another in a long series of patches.

    I just don't get it about $M and all these constant issues which they say require immediate attention.
     
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hello Easter,

    I also haven't ever encountered an IE exploit unless going directly for testing to a known site with the vulnerability.

    I wonder if MS is just covering themselves by issuing these advisories in advance of an exploit in the wild. Then if/when exploits appear, they can say, "We warned you."

    -rich
     
  6. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Hi Rmus

    Yeah i know, but what for the life of me i simply don't understand about them is why they don't just separate IE from the rest of the system in some form that won't lead to all these marathon exploits being tested at it then released or sold or whatever exploiters do for fun & profit. :cool:

    Instead, $M seems quite content with just chasing after the monkey all the time but never really getting it off our backs. :D
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    IE's integration with the OS has always been a contentious issue. In Win95 days people were always looking for hacks to safely remove IE.

    As with pre-loading media players and other stuff, it makes the user part of a captive audience.

    Now, it's pretty easy to use alternative software if you know about it.

    As far as alternative browsers -- lest one thinks that lets you avoid security alerts: Firefox, for example, has released 28 security advisories so far this year:

    http://www.mozilla.org/projects/security/known-vulnerabilities.html

    A quick check of monthly Microsoft monthly advisories this year reveals 5 advisories for Internet Explorer: one each in Feb, May, June, Aug, October. This out-of-pocket security alert makes 6 for this year.

    Microsoft's flaws get more media attention, of course, because it's fashionable to bash Microsoft.

    -rich
     
  8. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    He,he that's a good one and very well could be.
     
  9. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    If I´m correct this is not a serious issue if you´re using a HIPS which controls parent-child process launching.
     
Loading...
Thread Status:
Not open for further replies.