IE Download.Ject Exploit Fixed
Saint Aardvark writes "Just in time for the weekend, the
Internet Storm Center is reporting that Microsoft is providing
a fix for the Download.Ject vulnerability that hit IE late
last month. The press
statement says that it'll hit Windows Update later
today..."
I think I lost count at about 1000 when it comes to these "this will help for now..." When it comes to IE most fixes end up as patches that can actually break more than they fix. I think the Dept. of Homeland's Security recommendation of not using IE speaks loud and clear to this.
Microsoft could start but not allowing web sites to automatically run malicious code, just as Outlook has the same tendency with emails (which incidently, most email viruses spread rapidly with)."Late last month"
vs.
"A week or so ago"
I know Microsoft is not one for timely updates, but this wording makes it sound like Microsoft has been sitting on this particular problem a lot longer than they have.
What use are IEs extra features if they have to be turned off by default.
ActiveX should never have been embedded into a browser in the way it has been. Yet most of the sites that I have to use IE for is because of ActiveX controls.
Microsoft tricked a lot of the world into using ActiveX and now they're paying the price.
I can hear the support conversations already -
"Yes, if your security zone is set to high your computer won't be vulnerable. But if you want to view anything with ActiveX (read: multimedia) you'll have to turn these vulnerabilities back on."
Does anyone else find this mildly insane ?
[ Monday is a terrible way to spend one seventh of your life. ]