IE Flaw Puts Windows XP SP2 At Risk
Zigor writes "CNET is reporting that a new flaw has been discovered in Internet Explorer that could enable a remote attack on systems running Windows XP with Service Pack 2, eEye Digital Security has warned. The discovery of this IE flaw comes just over a month after Microsoft issued a cumulative patch addressing three vulnerabilities for IE. The new IE flaw also adds to another vulnerability, discovered last month, that affects systems using Windows XP SP2."
I think the real news is not the fact that there is a new vulnerability, but that (from the second link) there are still 12 unpatched vulnerabilities allowing remote or arbitrary code execution found by one organisation. The oldest of these was reported in March.
I am TheRaven on Soylent News
This has been discussed before and seems to start flamewars.
Yes there is a way to remove the IE engine from Windows 2000's installation files (and indeed integrate IE6 into them, since 2000+SP4 comes with IE 5).
The method of doing so is here. However it breaks things such as Windows help, Windows Update and lots of miscellaneous parts of the OS. For me at least, it made the OS almost unbearable, introducing a lot of annoyances. Although to be fair, I followed the post-install instructions...in theory, pre-install removal should be smoother.
You should consider the Microsoft Baseline Security Analyzer. It will scan your computer (hell, it will remotely scan all the computers on your domain if you want), tell you what you have or don't have, and give you links to the download.
funny munging
I mentioned it in another article, but the key for Linux to break through to the desktop market is not for widespread adoption by corporate customers, it's just simple, plain old, EASE OF USE.
I'm a pretty experienced computer user, EX-Windows developer (networking now), MCSE and while I can install Linux and get around it, I don't have a clue of an idea how to do a lot of things, including at times, install software (though I've figured that out with yum and rpm haha!). Either way... until Linux offers the eyecandy that OS X does, with the compatibility that Windows offers... it will still be the DESKTOP choice of nerds.
I'm waiting for the next version of KDE for some improvements but in reality, I think there's a lot more to be done at even a kernel level to make some things more idiotproof.
The price is always right if someone else is paying.
Turn off ActiveX, in fact turn off everything in IE (scripting, install, etc) in the "internet" zone.
Now, the easy part: add microsoft.com to the "trusted sites". In fact, if you surf to the windowsupdate site with ActiveX turned off you get the message of exactly what to add to "trusted sites".
Sleep easy knowing that (a) windows update works (b) nothing else works. Happily use Mozilla for your web browsing.
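A read-only check of the configuration described in the comment above, as an added example that is not part of the original thread: it reports whether ActiveX and scripting actions are disabled in the Internet zone and whether microsoft.com is mapped to Trusted sites. The function names and the choice of four action IDs are this example's own, and it reads per-user (HKCU) settings only.

```powershell
# Added example: read-only audit of the IE zone settings described above.
# Zone numbers: 2 = Trusted sites, 3 = Internet.
# Action values: 0 = Enable, 1 = Prompt, 3 = Disable.
# Per-user settings only; machine-wide and policy keys are not examined.
$zones   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zoneMap = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'

$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1400' = 'Active scripting'
}

function Get-ZoneActionReport {
    param([int]$Zone = 3)
    $key = Join-Path $zones $Zone
    foreach ($id in $actions.Keys) {
        # A missing value yields $null, which is reported as not disabled.
        $value = (Get-ItemProperty -Path $key -Name $id -ErrorAction SilentlyContinue).$id
        [pscustomobject]@{
            Zone     = $Zone
            Action   = $actions[$id]
            Value    = $value
            Disabled = ($value -eq 3)
        }
    }
}

function Get-TrustedSiteMapping {
    param([string]$Domain = 'microsoft.com')
    $root = Join-Path $zoneMap $Domain
    if (-not (Test-Path $root)) { return @() }
    # The domain key and its subdomain subkeys each hold protocol = zone pairs.
    $keys = @(Get-Item $root) + @(Get-ChildItem $root -Recurse)
    foreach ($k in $keys) {
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{
                Key      = $k.PSChildName
                Protocol = $name
                Zone     = $k.GetValue($name)
                Trusted  = ($k.GetValue($name) -eq 2)
            }
        }
    }
}

Get-ZoneActionReport   | Format-Table -AutoSize
Get-TrustedSiteMapping | Format-Table -AutoSize
```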
Secunia has very informative pages about the relative security of IE and Firefox.
Firefox
IE
The problems with Firefox compared to IE are:
IE bugs are more frequently critical
IE critical bugs take longer to patch
Fully patched IE is less secure than fully patched Firefox