Microsoft To Ship Emergency IE Patch 187
Grotendo writes "Microsoft plans to release an emergency patch for Internet Explorer very soon to counter targeted attacks and the publication of exploit code for a 'browse and you're owned' vulnerability in its flagship Web browser. The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. This could happen as early as this weekend." Microsoft has downplayed the seriousness of the IE zero-day, and insisted that it affects only IE6 even as security researchers close in on exploits for IE7 and IE8. Microsoft has had no comment about the firestorm that Google unleashed by directly accusing the Chinese of cyber espionage. ShadowServer has up a sobering post on the massive extent of the problem of "groups that can be referred to as the Advanced Persistent Threat."
Enough is enough! (Score:5, Informative)
Quoth the TFA (Score:3, Informative)
targeted attacks and the publication of exploit code for a 'browse and you're owned' vulnerability in its flagship Web browser
IE 6 hasn't been Microsoft's flagship browser for 4 years.
Comment removed (Score:3, Informative)
Re:IE is only good at one thing... (Score:3, Informative)
Shh, don't tell anyone...
>wuauclt /detectnow
Forces the update.exe agent to check.
Re:Quoth the TFA (Score:3, Informative)
it does, however, share the same vuln with IE7 and IE8. So maybe it's more appropriate as "microsoft's web browser" (irrespective of version) is at fault.
Re:Enough is enough! (Score:4, Informative)
No. Chrome frame is only active if a page specifically codes for it [google.com]. Otherwise, it does nothing. An attack page would not typically include code for a workaround.
Re:'flagship webbrowser' (Score:3, Informative)
Re:Quoth the TFA (Score:2, Informative)
Re:Enough is enough! (Score:3, Informative)
I'm sure corporate users who have IE6 forced upon them will appreciate it if they try to view your site.
I'm sure your response would be "well they can bring it up with their IT department and use it as a way to persuade the upgrade". Doesn't work like that in the real world, particularly if old IE6-only compatible web apps are still in use.
Re:Quoth the TFA (Score:3, Informative)
I'm sure they could get out of the contract at an unnecessary cost. MS made this mess and unfortunately we're stuck with it for awhile longer. Hopefully once the extended support is over then companies will start dumping their old stuff and upgrading.
In my opinion this shouldn't matter to most sites because they're not meant for business customers. It doesn't matter if Youtube, for instance, works on IE6 as far as I'm concerned. Anyone on IE6 for their home PC should be excluded until they get a real browser.
"Emergency" reaction (Score:2, Informative)
"Could be here as soon as this weekend", which is still more than a week from the exploit being published. That's swell.
Anyone else grateful MSFT doesn't run the fire department?
Re:Enough is enough! (Score:3, Informative)
"If it ain't broke don't fix it"
Correct. And, it's time to make the decision makers understand that it's broken. If it isn't broken enough to convince them, then LET'S BREAK IT MORE!!
Most of the rest of what I read here today is just so much whining and sniveling, from one side or the other.