Slashdot Mirror

← Back to Stories (view on slashdot.org)

4 New "Extremely Critical" IE Vulnerabilities

Posted by CmdrTaco on from the are-you-ready-for-fun-and-excitement dept.

TopherTG writes "Buckle your seat belts folks. On what is looking to be the next Black Tuesday, with rumors of 9 new Windows security patches being released, Secunia is reporting on 4 new vulnerabilities in IE that allow for arbitrary code execution and placing content over other windows. Combined with the new Windows patches, it is likely more Download.Ject and Sasser like viruses will be emerging in the coming months."

8 of 1,081 comments (clear)

  1. "Trusted Computing" by KevinKnSC · · Score: 5, Interesting
    I especially liked this part:

    An additional issue allowing malicious sites to inject script into the Local Security Zone using anchor references has also been reported to affect Internet Explorer 6 running on Windows XP SP2 (release candidate / beta). This issue could not be confirmed on a fully patched Windows XP SP1 system.

    So SP2, which is supposed to make Windows super-safe (even at the expense of backwards-compatibility in some case) may have actually introduced an IE bug.

  2. Mainstream Media by aghorne · · Score: 5, Interesting

    How long is it going to be before some big mainstream press picks these recursive stories up and starts recommending people try another web browser?

    And is there anything we can do to get this in the press?

    --
    *.02c
    1. Re:Mainstream Media by DrAegoon · · Score: 5, Interesting

      It's already starting. When I visited my (non-techie) parents last week both of them had heard news on the TV or radio about the IE exploit. My dad actually asked me to install Firefox because the story he heard had mentioned it was safer than IE. In a perfect world the mainstream media would keep this up and give Microsoft a real reason to write better code.

      Unfortunately we live in the real world. If Micorsoft kept getting large amounts of bad press every time it announced a new exploit it would try even harder to hide the flaws instead of releasing a fix.

  3. IE Developers by thenextpresident · · Score: 5, Interesting

    You know, for some reason, I feel bad for the IE Developers, who are probably a bunch of well meaning people that are hampered by upper-management decisions.

    This is not something you want to wake up to as a developer, whether it's proprietary or open source. It's just that they can't make decisions based on solving the problem alone, they have so much red tape to go through to make changes, that even though they might want to solve this problem, someone on the top is making it difficult.

    --
    Jason Lotito
  4. Re:No Surprise by man_ls · · Score: 5, Interesting

    If the Mozilla Foundation came up with an open-source replacement for shdoclc.dll (the Internet Explorer Rendering Engine) you could replace the IE application backend with the Firefox application backend.

    If you ask me, that's something people should be working towards.

  5. My company has one clients who refuses... by bob670 · · Score: 5, Interesting

    to consider any that isn't an MS product. He is a staunch Redmond supporter, won't even concede the imporatance of Unix/Linux/Mac ever, as if they never existed. I have been hitting him with links from these stories for almost a year straight, he just called, wants to me to start having our desktop guys install FireFox on his desktops next week. Chalk up one more for the good guys...

  6. Even MS Fans Are Switching by Anonymous Coward · · Score: 5, Interesting

    I'm a fan of Microsoft. I like most of their products. I make a living off their development tools and platforms. I'm incredibly happy with Windows 2003 Server. I typically defend Microsoft whenever I get the chance.

    But not when it comes to IE. It is fairly clear to me, and anybody else whose mind is not clouded with zealotry, that IE is the single best attack vector into the average personal computer. Nearly all PC users use IE for a significant portion of the day, and nearly all of those users have no idea that visiting a web site could be dangerous.

    I stopped using IE about 6 months ago when a web page managed to install spyware on my machine. I was fully patched, but it happened anyway. If it weren't for McAfee Antivirus, I never would have known. I've been using FireFox ever since.

    Up until FireFox .8 (or so), IE was the better browser if you ignored security issues. But you can't ignore security issues. And now that FireFox is just as good (and better in many ways) than IE, I can't see any rational reason to continue to use IE.

    So, there you have it. A diehard Microsoft fan dumping IE like a bad habit.

  7. Perfect Exploit by TheTomcat · · Score: 5, Interesting

    I'd like to get my hands on an exploit that installs Firefox, with the IE theme, and then replaces all desktop and startmenu shortcuts with a pointer to Firefox. Also changes the default browser.

    Anyone know of one? The terms are too generic for a quick google.

    S