Slashdot Mirror


4 New "Extremely Critical" IE Vulnerabilities

TopherTG writes "Buckle your seat belts folks. On what is looking to be the next Black Tuesday, with rumors of 9 new Windows security patches being released, Secunia is reporting on 4 new vulnerabilities in IE that allow for arbitrary code execution and placing content over other windows. Combined with the new Windows patches, it is likely more Download.Ject and Sasser like viruses will be emerging in the coming months."

16 of 1,081 comments

  1. It is time that..... by tiger99 · · Score: -1, Troll
    .... governments acted to outlaw this vile security threat. The Department of Homeland Security has made a clear recommendation, and now we have even more holes...... People will not do the sensible thing until it is made law, and even then, it will have to be blocked by ISPs before certain elements of society will bother to do anything about their own security and that of others.

    To be credible, the DHS recommendation needs the unambiguous backing of governments, whether democratically elected, or like Dubya, otherwise.... Hopefully someone somewhere will start the trend to do the sensible thing, or is that impossible for a politician?

  2. Re:Poor Microsofties... by NanoGator · · Score: 0, Troll

    "As soon as the IE apologists had a reason - a fleeting one, but a reason still - to act like IE wasn't so bad... the floodgates open."

    The tactic of calling people who disagree with you 'apologists' is getting really old. "You don't knee-jerk hate Microsoft, you're an apologist!"

    Grow up.

    --
    "Derp de derp."
  3. Re:Solution: by Anonymous Coward · · Score: -1, Troll
    what's a girl to do?? ;)

    Umm, bend over?!
  4. Re:Solution: by Anonymous Coward · · Score: -1, Troll

    "what's a girl to do?? ;)" 1) Get naked 2) the dishes 3) cook me dinner 4) clean the house 5) take care of the kids 6) stop your bitching 7) don't spend my money 8) stop commenting on how cute babies are 9) lap dance? 10) bring me my beer.

  5. Are you serious? by amake · · Score: 0, Troll

    The correct answer is "me."

  6. Re:Solution: by bobjohnson · · Score: -1, Troll

    what's a girl to do?
    Me.
    I had to try, right?

  7. Re:Oh, for god's sake! by int19 · · Score: 0, Troll

    Lynx is for wimps. Links is for men!

    Nay, telnet is for real men!

  8. NAIL ON COFFIN by Jackie_Chan_Fan · · Score: 0, Troll

    Its dead jim. Bought fucking time. Wake up world.

    1. Re:NAIL ON COFFIN by Jackie_Chan_Fan · · Score: 0, Troll

      GOD DAM FUCKING TYPOS! ;) I need to Preview more... WHO PUT THE DAM "I" Key next to the dam "O" Key!.. You roooooined my fucking joke... you tricky bastard! :) Previewing...

  9. Re:At what point... by Anonymous Coward · · Score: -1, Troll

    Er. No, at one point AOL did bundle Netscape with their software. It was a VERY long time ago though, perhaps before you were born.

  10. In Soviet Russia.... by ObsessiveMathsFreak · · Score: -1, Troll

    ...IE bugs YOU!!

    Also in Soviet Russia IE would have been used as the KGB's primary tool for destroying capitalism. Both through exploits and by pointing out the class struggle between IE and FireFox.
    Of course back in those days the CIA would have used the DMCA to make sure no-one knew about these holes.

    --
    May the Maths Be with you!
  11. Re:At what point... by saintp · · Score: 0, Troll

    In Soviet Russia, IE criticizes linux geeks!

  12. Secure? by Anonymous Coward · · Score: 0, Troll

    Are Firefox and Opera really more secure?

    Or is it just that they are not targeted by hackers because not enough people use them to make it worth the time?

  13. Re:IE is NOT a web browser by jmulvey · · Score: -1, Troll

    Wrong, Wrong, Wrong. Is your real name Michael Moore? That's the only person I know who can distort the facts with such a "holier than thou" attitude.

    To wit -- Here's a little history lesson on why you're wrong. And when Linux starts to get the number and volume of enterprise-level applications that Windows has, these types of history lessons will prove useful. But don't just take the easy way out and say "Yeah Windows sucks" and not try to learn about the mistakes that might just be made again without some perspective.

    So Microsoft best practices are to NOT have the user run as Administrator of the computer. But unfortunately, many companies don't follow this advice. See, unfortunately, in the past many poorly-written **third party apps** required rights to certain areas of the file system or registry, and these are old programs that worked fine before such systems were locked down (for good security reasons) by Microsoft.

    The reason for the lockdown was that as the number of third-party programs grew, they were scattering per-user program configuration information all over the hard disk, wherever they pleased. When users moved from one computer to another it was a nightmare because every software vendor had their own place to store files. Some stored it in /WINNT, some in /WINNT/SYSTEM32, some on the root. Microsoft had already provided a directory /WINNT/Profiles, but in their haste many vendors just wrote programs that threw their trash wherever they damn well pleased.

    So Microsoft took action. They created the "Documents and Settings" folder for user profile information. This was introduced with Windows 2000. Moreover, they locked down the default security of the rest of the hard disk in order to prevent 3rd party apps in the future from sprinkling stuff all over the place -- and instead made "Documents and Settings" the only place where user profile information is to be stored. Finally, they created the Designed for Windows XP logo certification system as the carrot/stick that they use to get developers to stick to these (and other) standards.

    What happened when they did this? Users came out of the woodwork! "Microsoft SUCKS!! Microsoft broke all my apps because they are a monopoly that wants to own the lucrative (insert program market here) market!", they said. Well, no. What actually happened is that Microsoft slapped the hand of ISVs that chose not to follow their documented (and dare I say it, well thought out but not hard-core enforced) standards.

    Now fast forward to today. Some of those apps are still in use. But due to reasons unknown (frugality, probably) most companies aren't willing to go through the work of finding out what hard disk/registry settings each of 300+ applications need and developing a script to give users access to those areas. So they take the short route and give users full control of the Registry, or of the box. And that gives virii/trojan horses fertile ground to wreak havoc. Yes, Microsoft is the root of all evil. As you can now see this whole situation was designed by the Devil Bill Gates himself to make your life miserable.

    So applications run under the context of the user that runs them. If the application needs additional permissions, then it either needs to install itself as a service (which would require entering service account information upon installation) or somehow ask the user to provide necessary credentials.

    As a sidebar, Microsoft has a feature (which can be enabled) whereby when a user initiates the installation of a software package, the installation program runs under the credentials of the system account. Like any security feature, it may be nice for some situations (as an admin you don't have to truck on over to the user to log on every time they wanna install something) and bad for others (potential security hole). The choice is yours to make as an administrator. But it is a nice middle ground between allowing a user to run as administrator of his/her box all day long (due to risk of trojans, etc), and having to baby-sit them every time they want to install something new.

  14. Re:IE is NOT a web browser by Psyrg · · Score: 0, Troll

    Want to see something worse? You may need Microsoft Word installed for this one.

    1 - Place a Microsoft Word document on your desktop.
    2 - Open an explorer window to your desktop.
    3 - Add the name of the word document to the path in the address bar, eg "C:\Documents and Settings\user\Desktop\filename.doc" and hit enter.
    4 - Look at the menu bar. You will have the MS Word menus such as format, and the Internet Explorer menus such as Favourites.

    It is a conspiracy to rule the world.

  15. Re:IE is not a web browser by black+mariah · · Score: 0, Troll

    Seriously, that's some fucking stupid shit. If you're going to be that fucking pedantic you need to GET A MOTHERFUCKING LIFE. Fucking dork.

    --
    'Standards' in computing only impress those who are impressed by things like 'standards'.