Slashdot Mirror

← Back to Stories (view on slashdot.org)

Uber-patch for Internet Explorer

Posted by michael on from the repatch-and-sin-no-more dept.

malevolence writes: "According to The Register, Microsoft has released an Uber-Patch for Internet Explorer that fixes all known security problems, as well as 3 new ones, including the content-type issue that was reported on slashdot a few days ago."

10 of 590 comments (clear)

  1. All in one patch is 1/2 the solution by Rev.LoveJoy · · Score: 5, Insightful
    This is a step in the right direction, but I still have to install the thing on every single g-damn peecee in my enterprise.

    For those of us with less than a few hundred MS clients (read: fewer clients that would make usefull something as heinous as SMS push upgrades) the issues are still very clear:

    1). It takes too much time to keep up on MS software patches.

    AND

    2). Once you know what you need you still have to go box to box to box to patch (in *most* cases).

    Granted the 'uber-patch' will help, but it still means I need a couple more inters to walk from machine to machine and interrupt users. IMO, patch managment tools should be MS's #2 priority (right behind 'getting it right the first time').

    Cheers,
    -- RLJ

  2. tee hee by Frac · · Score: 5, Insightful

    Michael exaggerated this exploit beyond belief:

    If Microsoft suddenly changes how their browser handles downloaded files, tens of thousands (perhaps hundreds of thousands? any webpage which downloads files) of webpages "designed for IE" will have to be rewritten.

    Good grief! Can somebody link to the tens of thousands of "designed for IE" webpages that are currently incompatible as a result of this patch?

    In fact a proper "fix" of this hole probably involves de-integrating their browser and local file handling to some extent.

    Eerrr.. a proper "fix" of Michael's previous article probably involves a higher level of computer literacy, and less impulsive urge to write expository essays that sound dramatic, but are wrong.

    1. Re:tee hee by DeadMeat+(TM) · · Score: 5, Insightful
      Good grief! Can somebody link to the tens of thousands of "designed for IE" webpages that are currently incompatible as a result of this patch?
      Well, there would be a problem, but it's not something awful IE-specific HTML brought about. Since IE half-ignores MIME types, servers that don't have proper MIME types set up could suddenly have file associations break on their Web page. I was recently asked by someone about a problem they were having with .M3U files getting downloaded as text or being asked to be save them to disk in anything but IE. Turns out the Web server didn't have a MIME type set up for M3U files, and the guy who ran the server just argued "it works fine in IE."

      So yeah, it would be a kinda big problem, and it's Microsoft's fault (if they wouldn't have set up a brain-dead policy of not handling MIME types properly then the servers would have been set up right to begin with). But it's not a "Designed for IE" page thing, and I doubt it's in the thousands of pages. Most pages that don't get the kind of traffic where somebody would notice bad HTML (e.g. homepages) are hosted on GeoCities/Angelfire/whatever which already have MIME types set up right.

  3. Sensationalism courtesy of /. by fumble · · Score: 5, Insightful

    Warning: mild flamebait.

    Remember Michael's over-the-top misinformed rant about this 3 days ago?

    ... they refuse to provide any information about when a patch might be made available, if ever.

    I'm surprised he posted this fix, kinda points out how far off base /. was a short 3 days ago. Hey, I'm no M$ fan and I kinda expect some opinion on /. posts ... but there comes a point when it turns into yellow journalism and becomes childish M$ name calling.

  4. Re:Slashdot Inconstancies by fumble · · Score: 5, Insightful

    ... is there anything they could do that would appease this croud?

    I think you hit the nail on the head. The answer is "no." The fact remains that this community has seen M$ do some nasty things, and now they've formed their opinion (and that's just fine). Regardless if M$ does something right, it really doesn't matter. Imagine if one day at school, the bully that usually pounds your ass into the ground held the door open for you ... you probably wouldn't buy it for a second. Or maybe if Barry Manilow actually put out a mildly good song ... would you admit to liking it? I wouldn't :P

  5. Re:Question for michael... by SCHecklerX · · Score: 5, Insightful
    IE is the best browser out there.

    Care to back this up? Have you used the alternatives? In case you missed it, here is what Moz has that is lacking in IE:

    • Best CSS2 Compliance out there. IE totally screws up my CSS2 compliant web page. Mozilla, Konqueror, Opera render it properly.
    • Tabbed browsing. Open separate windows, or open tabs within an existing window. Great feature for browsing slashdot, keeping similar stuff together in one window with tabs while browsing other stuff in a separate window
    • Full control over what javascript functions/objects/features are allowed to execute on a per-site basis. You can even globally kill the popup on page load bullshit (the only real reason I've found to disable javascript so far)
    • Cookie management on a per-site basis
    • Image management on a per site basis. Allow/disallow images, stop animated gifs, etc.
    • Site navigation bar for sites that use that old forgotten tag (like slashdot). This is very cool and useful.
    • Proper implementation of a 'favicon' that, get this, uses ANY SUPPORTED IMAGE FORMAT, not that M$ specific .ico crap. Use a PNG and you can use alpha channels. Imagine that.
    • FAST rendering engine. Much better than IE (especially in recent builds!) This is VERY significant for modem users who have to sit and wait for IE to figure out what is in a table before rendering it, while moz's engine pops it up as it comes down. Slashdot renders here in under a second.

    Those are just some of the highlights of why mozilla is the better browser and quite frankly, blows away IE, even as prerelease software

  6. Does anyone else feel immoral? by Sludge · · Score: 4, Insightful
    I've been thinking about this for a long time, and it's time I asked my peers at slashdot- Does anyone else feel immoral browsing the web with an Internet Explorer USER_AGENT? I'm going to state what seems obvious to me:
    • Company designs nice website with features that are only supported with IE.
    • Company realises that Netscape market share is too high to do these cool things, so they downgrade their website. Animosity is felt towards the browser not developed for (in my experience this goes both ways)
    • Company waits a year and a half, and ends up re-evaluating their Netscape support position based on their current USER_AGENT stats showing 95% IE clients.
    • Company switches webpage to use proprietary and non standard technologies, locking us alternative software people out of another website.

    By this logic, which I feel is a common path for businesses to take, using Internet Explorer and letting webmasters know that you do will harm our freedom to choose our client software in the future.

    I don't understand why no one else has come forward and stated that they feel this way. For this reason, I refuse to use the software except in situations where it's seriously inconvenient to do otherwise.

    I don't mean to be alarmist. If the web is only accessible from IE, a project will be started to supply a proxy for other browsers which interprets the data from the web server and converts it to nice, standardized HTML. This could get kludgy, and is the worst case scenario I see.

  7. Re:not too bright by TheAwfulTruth · · Score: 5, Insightful

    Not informative at all. Here's the real information: The patches can be applied to IE 6.0 OR IE 5.5 SP2 ONLY. If you do not have either of those you need to upgrade to one of them then apply the appropriate patch.

    If you have not already upgraded to these versions then you are (and have been ) vunerable to numerous PAST holes. So if you haven't bothered to upgrade by now, why do you care about patching all of a sudden?

    Please mod me up to 5 now thank you.

    --
    Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
  8. Re:Uber Patch by ncc74656 · · Score: 5, Insightful
    That would require that a significant portion of Slashdot users use IE.
    ...and you're implying that they don't? It's not like there are many options...Konqueror and Mozilla aren't all there yet, there seems to have been some sort of stink lately WRT Opera, and there's no way in hell that I'd use Nutscrape. Not everyone who reads /. is a flaming anti-MS zealot...MS has its warts (you're nuts if you put a Windows box directly on the Internet), but then so does nearly everything/everyone else.
    --
    20 January 2017: the End of an Error.
  9. Re:Uber Patch by slashdot_commentator · · Score: 4, Insightful


    Hmmm, I don't recall any version of IE working for linux. Perhaps the underlying truth is more embarrassing than we realize...

    Nah, probably working stiffs who are stuck on NT/2K/Win9X boxes at work...

    --
    There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon