Stop Microsoft

All Things Microsoft => Microsoft as a Company => Topic started by: worker201 on 18 December 2008, 01:44

Title: New Patch for Serious IE Flaw
Post by: worker201 on 18 December 2008, 01:44
http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx (http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx)

They barely ever come out and say exactly what the flaw is or what it does, but this one seems to be pretty serious.  It's a "publicly disclosed" vulnerability, which probably means it was first publicized on Slashdot or something, and it affects all versions of IE back to 5.  Basically, if you're running Windows 2000 or later, you're affected.

In the FAQ section of the above document, they anticipate questions about older versions of IE.  The response: "It should be a priority for customers who have older releases of the software to migrate to supported releases".  Meaning "If you're using IE4, you're shit out of luck".  Which is to be expected - I would laugh hysterically at anyone using IE4, even back when it was the current version.
Title: Re: New Patch for Serious IE Flaw
Post by: davidnix71 on 18 December 2008, 04:54
It's a very old flaw. It's a buffer overflow exploit that allows the attacker to upload and run code on the affected machine.
Only later Windows running IE with limited privileges are "relatively safe."

The flaw is the one I mentioned in another post about Homer Simpson and the zombie network. It is being widely used now to steal passwords and such, so MS was pressured to fix it immediately.
Title: Re: New Patch for Serious IE Flaw
Post by: Simons-Photography on 21 December 2008, 19:29
yet its firefox that gets to be tops in the list of unsecure software, typical, anyone running IE is a nut, the only thing I use it for is for BBC's iplayer because it dosen't seem to run on firefox and not even IE-64, I've already given them a peice og my mind and got the expected no reply
Title: Re: New Patch for Serious IE Flaw
Post by: Lead Head on 22 December 2008, 02:21
Welcome. I wouldn't say firefox makes t he top of every unsecure list, but many websites count firefox's vulnerabilities multiple times because it is multi-platform.
Title: Re: New Patch for Serious IE Flaw
Post by: SiMuLaCrUm on 22 December 2008, 16:27
It only figures M$ would take this long to fix something...
Title: Re: New Patch for Serious IE Flaw
Post by: _ZeroBeta on 16 April 2009, 20:19
All the way back to Internet Explorer 5? That surprises me, even for Microsoft, and considering it was reported that this problem only affected versions 7 and 8. I'm thinking that this flaw is also why the browser often stops responding when it is used for long enough?