Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Internet Explorer Microsoft Security Technology

New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe 169

Posted by timothy
from the firefox-users-on-linux-even-safer dept.
An anonymous reader writes "Criminals are using a new Internet Explorer security hole to attack Windows computers in targeted attacks, though the vulnerability could end up being more widely exploited. While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are. It's great to see that the latest versions of IE are immune, but this new vulnerability is still bad news for Windows XP users and earlier since they cannot upgrade to more recent versions of Microsoft's browser. 'We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,' Dustin Childs of Microsoft Trustworthy Computing told TNW. 'We will take appropriate action to help keep customers protected once our analysis is complete. People using Internet Explorer 9-10 are not impacted.'"
This discussion has been archived. No new comments can be posted.

New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe

Comments Filter:
  • by Anonymous Coward on Saturday December 29, 2012 @03:51PM (#42421839)

    I tried out IE 10 and it was great. It downloaded firefox and chrome even better than ever. People who haven't updated should. Too bad XP users can't use it though.

    • Re: (Score:1, Funny)

      How do I install IE in Ubuntu? I can't find it in the repositories.
      • by ClaraBow (212734)
        I know you were joking, but IE remains the only major browser that runs on one platform only. I'm sure Microsoft will port it to other platforms someday!
        • by Anonymous Coward

          There used to be versions for Mac, Solaris, and HP-UX

          • That's true, but IIRC Macs weren't affected by such vulnerabilities usually. After all, Macs were different that they needed their own separate engine (Tasman) apart from Trident, which was used on MS Windows, Solaris and HP-UX. To be honest, I remember being a kid and playing in IE on a Mac at school. IE used to be cool. Now I know better. Still, IE/Mac rocked in its day!
            • It rocked because it was a completely different browser from IE on x86. The only thing it had in common with the Windows version was that it was non-standard in similar [but not the same] ways.

              • Anyone else noticed that for years the MacOSX version of Office was so much better and prettier than on Windows?

                I wondered for awhile which side the developers on Redmond were on? Granted today Office 2010 and IE 10 for Windows have caught up. I guess the old Windows apis must have been really bad if they couldn't get them to be as good as another competitors OS.

        • by ae1294 (1547521)

          I know you were joking, but IE remains the only major browser that runs on one platform only. I'm sure Microsoft will port it to other platforms someday!

          You haven't heard? Microsoft has been working hard to finish porting IE6 to Linux. They seem to be targeting their ads mostly to business clients whom use Active X. I wonder why Microsoft would support the Linux community, have they gave up being evil???

        • by smash (1351)

          IE is cross-platform. x86, x64, XP, Vista, Windows 7, Windows 2003, Windows 2008, etc.

          /msdrone

        • by smash (1351)

          Serious post - I'm sure microsoft will re-port IE to other platforms if/when Windows looks like losing significant market share. The OS is becoming irrelevant, and the browser is becoming more and more important as a platform for application development.

          Eventually, I'm sure they'd prefer to have a higher share of the browser market by supporting multiple platforms, than seeing the browser share shrink with Windows. With the epic failure of Windows 8, it may happen sooner than we expect.

      • by EETech1 (1179269)

        www.codeweavers.com/compatibility/search?name=internet+explorer&search=app

        I actually had to for my friend. He loves using Ubuntu since I converted his work laptop, then all his home computers, but there was some stupid IE only website that he had to use to make reservations for his business.

        It is not perfect, but it gets the job done, and works much better than Virtual Box on his old laptop. Much less pwnage running under Wine too.

        Cheers!

        • Just have him install User Agent Switcher and have it pretend to be MSIE 10 when he goes there.
          • by EETech1 (1179269)

            IIRC it loads some kind of IE only plugin to do the 'secure' ordering and reservations, but I will give that a try. I gotta pay him a holiday visit anyways. I didn't see him@ Target this Christmas eve. First time since Target opened here about 10 years ago:) I can't imagine he had all his shopping done ahead of time!

            What better way to say happy holidays than to remove the last remaining piece of Microsoft software from his life and update his 10.04 Ubuntu install to Mint 14!

            Thanks and Happy New Year!

      • sudo apt-get winetricks
        winetricks ie8
        unfortunately ie versions later than 8 are not supported in linux, you should upgrade to a superior operating system if you wish to experience the same bullshit you've been putting up with for 10 years (sorry, i'm a web dev)
      • It's here [von-thadden.de]. You also can get it from your distro's reposotory.

        It's very usefull to test pages in development. Also, you can install several versions of IE at the same Ubuntu computer. But it probably won't emulate this bug, so you won't have the complete experience of having your computer owned (by this exploit).

  • Anyone still using IE6 or IE7 deserves to get hacked anyway. I might have a crocodile tear for IE8 users

    • by tuppe666 (904118) on Saturday December 29, 2012 @04:14PM (#42421981)

      Anyone still using IE6 or IE7 deserves to get hacked anyway. I might have a crocodile tear for IE8 users

      I not a doctor - Do I deserve to get sick, I'm not a mechanic - Do I have to walk..How about fixing leaky tap!...how about making a violin!!. I am not an expert in everything, and have been rarely been out of education, some things take years to learn. The truth is why should everyone be executed to be experts at computing.The sad fact is the world is moving towards electronics away from general purpose computers...making experts like you redundant!

      • by Kergan (780543)

        But then, your argument completely falls apart because these users are mostly corporate users whose IT managers should know better.

        Households users either worry about it and upgrade themselves, or have more savvy family or friends who do it for them. Do you leave your grand parents, parents or friends with a batshit crazy outdated browser lying around? Of course not. You upgrade it when you notice, and you ideally configure the PC to do so automatically in the future.

      • The truth is why should everyone be executed to be experts at computing.

        One does not simply avoid getting Malware. Only the dead can know peace from this evil.

      • by Velex (120469)

        The sad fact is the world is moving towards electronics away from general purpose computers...making experts like you redundant!

        There's nothing sad about this. Not everybody needs a general purpose computer. What they want is a Facebook machine, a Tumblr machine, a Youtube machine, and a Netflix machine. And give it to them. I'm sick and tired of hand-holding users who can't handle a general-purpose computer that can run more than 1 thing at once. I don't run Windows at home. I don't get paid to do support. When something blows up, I get called over to read over the dialogs and apply common sense, because I'm the "computer g

        • When your doctor tells you to stop eating unhealthy foods because you're at risk of diabetes, do you give him shit like that? When your mechanic tells you that you need to bring your car in to get an oil change on time, do you throw your hands up in the air and bitch about not being an expert?

          pretty sure the op struggles to get food to dock with his food hole

          • When your doctor tells you to stop eating unhealthy foods because you're at risk of diabetes, do you give him shit like that? When your mechanic tells you that you need to bring your car in to get an oil change on time, do you throw your hands up in the air and bitch about not being an expert?

            pretty sure the op struggles to get food to dock with his food hole

            The big boys at work who buy these $100,000 SAP, Oracle, Kronos, Manpower, Siebel, and other crapware do so because they get a ROI. Bitch about being geeky to this non tech user who just blew $500,000 upgrading everything from IE 6 to cutting edge IE 8 (in his mind) will fire you with such a doctors analogy on the spot. That or he will look at you funny and ask if you replaced the toner on his printer yet? ... pff cost center peon.

            This man writes your paycheck and he tells you what you support you either su

            • heh, they ask for a piece of shit and they get a piece of shit, what does that have to do with anything?
              • heh, they ask for a piece of shit and they get a piece of shit, what does that have to do with anything?

                That POS you call it, does wonders to productivity. You are looking at it through a geek lense of HTML 5 features and multimedia support. My boss looks at it though how much can IT raise the shareprice. These corporate apps might not look as pretty as www.engadget.com on a HTML 5 browser with cool effects, but can display and automate business processes well.

                They wont support anything above IE 8 yet (maybe 1 or 2 do as of the last 6 months) because XP wont die and IE 8 is the common gateway that runs on bot

      • heh, are you on crack, the next big thing will be phone hacking. and yes, if you are not a doctor you should still take care of your health, it is still your responsibility to get some exercise. and yes, if you have a car you should probably take care of it, change the oil and whatnot and book it in for a regular service. and yes, if you have a leaky tap you should just change the washer, and yes, if you want to make violins... i'm not even sure how this is even a relevant comment
    • by yuhong (1378501)

      Well, clearly MS disagrees. In fact, a week or so ago I reported a security bug that only affects IE7 (as far that I have tested) to ZDI. I will not reveal any more details until it is patched, of course.

  • It's not surprising to me that a Microsoft product would have a vulnerability that might encourage people to pay more money to Microsoft.

    With so little U.S. government supervision of abuses, having a virtual monopoly allows many tricky ways of making money.
  • Microsoft has wanted for ages that those users upgrade.
    Would they resort to this method to scare people into upgrading?
    • Microsoft has wanted for ages that those users upgrade.
      Would they resort to this method to scare people into upgrading?

      Microsoft aren't even getting a sales bump from launching a new version of their platform, providing a shitty experience on their platform has them running to any other platform, and have yet to transition to the new world, where they are not the Daddy!. Android is set to surpass them next year. I'd argue it was more to provide advantages over previous versions of their OS when really their is very little real advantages present. Simply leaving the older unmaintained version insecure is simply a bonus.

  • by MyLongNickName (822545) on Saturday December 29, 2012 @04:07PM (#42421939) Journal

    Title: New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe
    Sentence Two: While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are
    Then: "We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,"
    Then: People using Internet Explorer 9-10 are not impacted.""

    Could someone please tell me which versions are vulnerable and which ones are not?

    • by Nyder (754090)

      Title: New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe
      Sentence Two: While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are
      Then: "We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,"
      Then: People using Internet Explorer 9-10 are not impacted.""

      Could someone please tell me which versions are vulnerable and which ones are not?

      It clearly states multiple times that IE 6-8 is affected and 9 & 10 aren't.

  • by linebackn (131821) on Saturday December 29, 2012 @04:18PM (#42422001)

    Obligatory: Get the update patch here: http://www.mozilla.org/en-US/firefox/new/ [mozilla.org]

  • Who uses IE?

    • noobs

    • by PNutts (199112)

      Who uses IE?

      I'd throw out some numbers but they are skewed towared the site measuring them. Wikipedia [wikipedia.org] pulls some sites together in one place.

    • Until Oracle, Kronos, Siebel, DerpMaster, Manpower, Sap, and about 85% of all intranet app makers support anything above IE 8 the answer to any recent or different browser is a resounding NO!

      Part of me feels they do so on purpose to hurt Microsoft so they can sell cloud solutions and make the pc platform and internal intranet apps higher TCO (Sap and Oracle) and we all need to suffer in the process by not having HTML 5 yet.

      College kids reading this. Be prepared for disappointment in the real world as your p

  • by 93 Escort Wagon (326346) on Saturday December 29, 2012 @04:46PM (#42422161)

    Compatibility View seems to turn IE 8-10 into IE 7... And I find people using it all the bloody time (and for no good reason other than they didn't like how the newer version CORRECTLY rendered some random page they were used to seeing broken!). So is Compatibility View immune to the exploit? I'm unclear whether IE has a separate engine for this or just uses some bizarre CSS definitions to achieve the brokenness...

    • Don't forget that IE also has a selectable document mode. So, I'd like to see a full matrix of browser modes and document modes that are effected (if it applies).

    • I wonder that too.

      Many corps who use IE 9 (still few) but it in IE 7 mode typically because of one tiny app used by HR wont render right so they make a group policy for the whole company. This eliminated youtube and facebook support which the PHBs even like!

  • The better story about this vulnerability is the fact that the entire delivery of the malware (from a compromised US foreign policy think tank, no less), was limited to people with the ability to view English (American English), Russian, Japanese and traditional Chinese characters. It's supected of being a 'watering hole' attack. Read more from the earlier submission [slashdot.org] which didn't include bullshit link bait for advertising dollars.
  • LOL. What?

    The only way to make Microsoft software trustworthy is to cut power to the computer.

  • Older browser version with vulnerability -> JavaScript -> Flash ActiveX -> Java -> sad clown face. Should anyone be surprised? Here's a link to the CERT KB [cert.org] for more information.

  • Recently http://battlelog.battlefield.com/ [battlefield.com] (Battle Field 3 web interface)
    stopped supporting IE 8.
    http://battlelog.battlefield.com/bf3/news/view/2832654782553529670/ [battlefield.com]

    A clan member asked what they could do about it, I told her to use a different browser.
    they came back: I suppose you expect everybody to have two browsers installed.

    Actually I did, the only browser they used was an out of date IE. Playing games on-line,
    having a functioning chat system installed; one would think they'd have an above average
    knowled

"Text processing has made it possible to right-justify any idea, even one which cannot be justified on any other grounds." -- J. Finnegan, USC.

Working...