This discussion has been archived. No new comments can be posted.

IE 6 & 7 Unpatched Exploit Goes Wild

  • by Opportunist (166417) on Thursday March 11 2010, @02:46PM (#31441500)

    Most companies still using IE6 or 7 cannot.

    Usually you're facing a scenario akin to this: Some external company created a mission-critical web application. Of course a web app had to be it, because it saves you a lot of dough because you don't need to create a frontend, it's already there! You also don't need to roll out anything, it's already part of the system!

    Since MS cares really much (/sarcasm) about standards, you had the choice: Doing it for IE, or for the rest. Since IE is part of every Windows installation, and you didn't want to roll out a frontend in the first place (remember, paradigms are to stick to, even if they become a problem, else your boss might ask "why did you want that in the first place?"), you will create that frontend for IE. IE 6 or IE 7, to be exact, because they, too, are only kinda-sorta compatible with each other.

    Fast forward to the present. The company that made your mission critical application already overstepped its allotted budget by about twice its size and is still busy fixing the odd bugs... provided the company still exists, that is.

    Are you the one going to your boss telling him that they should stop fixing bugs now and migrate the behemoth to IE8? He will ask for the reason. You tell him about the security problems. He will laugh at you and call you a scaredy-cat.

    That was the moment I quit my well-paid CISO position. It became too much of an ejector seat to be comfortable anymore.

  • by davester666 (731373) on Thursday March 11 2010, @02:48PM (#31441526) Journal

    And I missed including the obvious extension to this, namely, you would be transitioning your company off Windows software, which is the most attacked software in the world.

    Other OS's may be equally or more vulnerable, but no other is more exploited than Windows.

  • Re:I'm safe. (Score:2, Informative)

    by Urigeller23 (1481825) on Thursday March 11 2010, @03:00PM (#31441688)
  • by ircmaxell (1117387) on Thursday March 11 2010, @04:06PM (#31443034) Homepage

    Actually, that's exactly what I do here. When our QC team needs to test websites on IE6 (because some of our clients still use it and they pay the bills), they simply RDC into a server that we keep live solely for IE6. It has nothing else on it, and has networking locked down to only allow traffic to our local subnet (and hence only our applications). Anyone who needs to test is simply granted RDC rights, and they can do it. And considering the server is a VM, it was basically free (we already had the terminal server and Windows licenses)...
