IE Flaw Puts Windows XP SP2 At Risk

Zigor writes "CNET is reporting that a new flaw has been discovered in Internet Explorer that could enable a remote attack on systems running Windows XP with Service Pack 2, eEye Digital Security has warned. The discovery of this IE flaw comes just over a month after Microsoft issued a cumulative patch addressing three vulnerabilities for IE. The new IE flaw also adds to another vulnerability, discovered last month, that affects systems using Windows XP SP2."

Re:Is The Honeymoon Still Over?

[RAMMS+EIN]

``I presume we are still to believe that FireFox is less secure than IE, because it has had more vulnerabilities discovered recently?''

It begs the question though: how much effort is being put in finding flaws in Microsoft software, and how much effort is being put in finding flaws in other software? I know that Windows is to security as a submarine is to a sponge, but what about a default Ubuntu install?

My laws of security:

  - Windows is so insecure it has become unusable.
  - There's no way of knowing whether another system is more secure (any study will always be biased)
  - Any software written in unsafe languages (notably C) is bound to contain vulnerabilities

Re:What is THIS?!

[Frankie70]

"nyah, nyah, my hands are covering my eyes so the exploit can't harm you!"

Firefox also follows the same method.

Several of the bugs are marked hidden.

https://bugzilla.mozilla.org/show_bug.cgi?id=30693 9 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30694 0 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30703 1 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30704 0 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30708 4 [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=30708 7 [mozilla.org]

They're telling you nothing

[DrIdiot]

Am I the only one that finds these two quotes contradictory when juxtaposed?

"The flaw is not wormable but allows for the remote execution (of code) with some level of end-user intervention,"

Microsoft's Windows XP with SP2 is designed to make it more difficult for attackers to run malicious software on users' computers.

"some level of user intervention" can mean anything. I can mean they have to download a executable disguised as an image and change its filetype. I can mean the user has to click an "OK" button. They're basically telling you nothing about how much you are at risk. "You're at risk, but we're not telling you why, how, and to what degree."

And when they tell you that SP2 made it more difficult for arbituary code to be run on your computer, they're probably talking Windows Firewall. And for those of us who (unfortunately) downloaded SP2, we can all testify that Windows Firewall is useless, and it was the first thing I disabled in services.msc when I got SP2.

New /. Section

[Lars83]

Mods, Please add "Circle Jerk" as a new /. section. Then people who want to avoid the "OMG, Microsoft's programs have vulnerabilities!!! O GNOES!!!11!1" sarcasm can skip articles with the new "Circle Jerk" icon. Email me if you'd like me to start Photoshopping said icon. Thanks, Lars

Re:Is The Honeymoon Still Over?

Yes! And because a company who is selling security software to protect you from Microsoft and it's evil browser is making this statement, it MUST be true!

Interesting how the same people who will not question some company selling software are the same people who critize the government when they say there is a terrorist threat.

I guess web browsers are more important than protecting lives.

Mod Parent Up Funny

[i.of.the.storm]

Just wondering, whuch idiot modded this +4 informative? It should be funny, obviously he is making fun of IE and saying that Firefox is an upgrade. Wow people, sometimes I wonder how people get mod points.