Slashdot Mirror


Several Critical MSIE Flaws Uncovered

An anonymous reader writes "Several flaws have been uncovered by security firm eEye in Microsoft's Internet Explorer. The flaws allow remote compromise of computers running Windows Operating Systems and affect IE, Outlook and possibly other MS software. With the next MS Windows security bulletin release scheduled for June 14, 2005 news sources are reporting that in comparison with the Mozilla Foundation's prompt fix for the recently reported Mozilla 1.0.3 vulnerabilities MS appear to be leaving a large window for the possible malicious exploitation of these flaws."

6 of 388 comments (clear)

  1. SP2 and Win2k3? by sriram_2001 · · Score: 4, Interesting

    Weird - the advisory doesn't mention SP2 specifically.Also, it has 'to be determined' next to Windows 2003.

  2. Re:Thanks Microsoft! by Karzz1 · · Score: 5, Interesting

    Is it just me, or have there been a ton of browser vulnerabities discovered recently? It seems that every couple of weeks or so there is a hole found in IE or Firefox/Mozilla or others even. Are security firms concentrating their efforts on browsers or are browsers simply more inherently insecure than most other software?

    --
    Beware of he who would deny you access to information, for in his heart he dreams himself your master.
  3. The Known Flaws. by rtb61 · · Score: 5, Interesting

    I have often also wondered about all those flaws that have been discovered and not declared, just quitely made use of. At least with open source the oppurtunity for discovery as well as a rapid fix has become obvious.

    --
    Chaos - everything, everywhere, everywhen
  4. Simple solution: restricted user for browsing by adam1101 · · Score: 4, Interesting

    The solution to all these browser exploits (IE, Firefox, Safari) is simple: create a restricted user to run the browser only. This can easily be done in Windows XP/2K, Linux and OS X. Restricted users cannot affect other users or system files. As long as you don't keep important data in this account, you can just periodically erase this user and create a new one.

  5. Block IE from connecting to the outside world by tepples · · Score: 4, Interesting

    I wish there was a "corporate" browser with minimal features to reduce exposure. Sort of like IE lite.

    It's called denying iexplore.exe and other apps known to embed the IE OCX the right to connect to the public Internet on port 80, using a software firewall on each machine or a proxy server that only Firefox knows about.

  6. Possible Wishful Thinking, But... Is IE Pointless? by FhnuZoag · · Score: 4, Interesting

    Is Internet Explorer still really of any benefit to Microsoft? Once upon a time, it might have been used to push ActiveX, or reinforce the Windows platform by encouraging integration. But security worries, and legal trouble, have put paid to that...

    To my naive eyes, it seems that IE is more trouble than it's worth. It's earlier bugginess puts a weight on later development to duplicate previous rendering errors, and it is strongly challenged by Opera, Mozilla, and the like. Also, their developers have to take care not to break compatiability too much - or at least, to sort out how to get various plugins to work with newer versions. The whole thing is a running sore with regards to their reputation, and the number of idiots running the browser means everything has to be dumbed down.

    It seems that the wise thing for Microsoft to do, simply from a selfish level, is to ditch the IE project. Open source what can be open sourced, develop a light, secure, bare-bones and idiot-proof version for bundling with their OS, and re-dedicate their resources elsewhere.

    Internet Explorer has no future.