Slashdot Mirror


IE7 Bug Reports Flooding In

the JoshMeister writes "According to ZDNet, bug reports are already flooding in for Microsoft's new Internet Explorer 7 Beta 2 Preview. Specific issues include the possibility of arbitrary code execution as well as incompatibilities with McAfee Security Center, anti-spyware programs, and online banking sites." From the article: "... browser testers may already be at risk, according to security researcher Tom Ferris. Late Tuesday, Ferris released details of a potential security flaw in IE 7. An attacker could exploit the flaw by crafting a special Web page that could be used to crash the browser or gain complete control of a vulnerable system, Ferris said in an advisory on his Web site. Microsoft had no immediate comment on Ferris' alert."

8 of 259 comments

  1. Story is inaccurate... by Manip · · Score: 5, Interesting

    Calling Tom Ferris a "Security Researcher" is like calling Bill Gates a programmer... He is more a 'Robert Scoble' character. And his discovery of arbitrary code execution is incorrect as per the link: http://blogs.msdn.com/ie/archive/2006/02/01/522682.aspx

    The guy is not a professional anything, I mean he lists workarounds as 'Firefox'; which just shows how little he understands the security field which he claims to work in (A workaround should be a way to fix or bypass the bug, not a blind pointer at some random other product, even the Linux Security guys know that).

  2. More annoying than the bugs.. by chou+oishii · · Score: 5, Interesting

    ..are the way it: a) Requires you to validate Windows to install, b) Requires a reboot, and c) Actually attempts to pass off things like tabbed browsing and a search bar as innovative (really, take a look at the "demo" they bring you to when you first install it).

    I'm not asking them to spend money advertising the fact that they're way behind the curve on browsers, just to stop lying to me.

    1. Re:More annoying than the bugs.. by ChaosDiscord · · Score: 2, Interesting

      I am not thrilled about this but given the wedding of the browser rendering component and the rest of the user experience ("OS"), I can't say I am surprised.

      While not surprising, it's still crap.

      The core flaw is that under Windows you can't delete a file that is in use. The accepted solution is to set up a little script to run on reboot that deletes the file and replaces it with the new version. That's sad and stupid.

      The Unix solution allowing you to delete an in use file solves the problem. It has its own weaknesses (as long as any process holds a file open, it chews up disk space), but at least you can upgrade even low level libraries (which is all the IE libraries are) without a reboot.

  3. Treat IE 7 as IE 6? by Pascal+Sartoretti · · Score: 5, Interesting

    The problem for Microsoft is that many web applications use the following logic:

    if (browser is Internet Explorer) then
        emit HTML code that works around the numerous rendering bugs of IE
    else (Mozilla, Netscape, Opera)
        emit standards-compliant HTML code

    With this kind of (flawed) logic, IE 7 will often be identified as IE, and hence be provided with IE 6-specific HTML code, whereas it should have been sent "correct" HTML code. The result may be, well, interesting :-)

    I really don't see what Microsoft can do against this. They can't expect millions of web sites to be updated overnight just to support IE 7.
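The browser check described in the comment above, next to a version-aware variant, as an added example that is not part of the original comment. Function names and the sample User-Agent strings are constructed for illustration, and sending IE 7 the standards markup follows the commenter's premise.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef enum { LEGACY_IE_MARKUP, STANDARDS_MARKUP } markup;

/* The logic from the comment: any "MSIE" token selects the IE workarounds. */
static markup choose_naive(const char *ua)
{
    return strstr(ua, "MSIE") ? LEGACY_IE_MARKUP : STANDARDS_MARKUP;
}

/* Major version after "MSIE ", or -1 when the token is absent or the UA
 * belongs to Opera, which can send an MSIE token when set to identify
 * as Internet Explorer. */
static int msie_major(const char *ua)
{
    const char *p = strstr(ua, "MSIE ");
    char *end;
    long v;
    if (p == NULL || strstr(ua, "Opera") != NULL) return -1;
    p += 5;
    v = strtol(p, &end, 10);
    return (end == p || v < 0 || v > 99) ? -1 : (int)v;
}

/* Version-aware variant: workarounds only for IE 6 and older. */
static markup choose_versioned(const char *ua)
{
    int v = msie_major(ua);
    return (v >= 0 && v <= 6) ? LEGACY_IE_MARKUP : STANDARDS_MARKUP;
}

/* Constructed sample User-Agent strings in the formats these browsers used. */
static const char UA_IE6[]   = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)";
static const char UA_IE7[]   = "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)";
static const char UA_OPERA[] = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.51";
static const char UA_FX[]    = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060111 Firefox/1.5";

int main(void)
{
    const char *all[] = { UA_IE6, UA_IE7, UA_OPERA, UA_FX };
    for (size_t i = 0; i < sizeof all / sizeof all[0]; i++)
        printf("naive=%d versioned=%d  %s\n",
               (int)choose_naive(all[i]), (int)choose_versioned(all[i]), all[i]);
    return 0;
}
```

Any User-Agent header is client-supplied and can be set to an arbitrary value, so a check like this is suitable for choosing markup and nothing that needs to be trusted.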

  4. Re:Security is Job 1? by FireFury03 · · Score: 2, Interesting

    most betas are at least close enough to finish that the programmers are looking for the obscure bugs

    What surprised me about beta 1 was that they hadn't even finished implementing features that were already on the final product's feature list. Actually, it seemed that they hadn't actually finished deciding what was going on the feature list.

    Most people would consider that development stage to be alpha - beta is where you have finished implementing the feature list and you are now after feedback from the customers on bugs, user interface and what extra features they think need to be implemented which weren't on the feature list. I.e. a beta release should fulfill the original specification, albeit still needing some bugfixes.

  5. Re:Duh! by tassii · · Score: 2, Interesting

    Of course it's got bugs -- it's a beta!

    I think the notable part is it's the same bugs as IE 4 had.. and IE 5... and IE 6...

    --
    "I drank what?" - Socrates

  6. MSIE 7 in the wild by harmonica · · Score: 3, Interesting

    Just looked at my logs for the last two days and MSIE 7 has already caused more requests than Opera/8, making it the #4 after MSIE 6, Mozilla and MSIE 5 (yes, grouping could be better for the Mozilla/Firefox family). It's a tech site, so the early adopters can be expected to show up here. Still, that was fast.

  7. Re:Nasty security flaw that Microsoft missed by zootm · · Score: 3, Interesting

    Fairly official response (taken from another comment).

    We received reports this morning that a security researcher had found a bug in the IE7 Beta 2 Preview release. This issue reportedly crashes IE and is exploitable to execute arbitrary code on the user's computer. Naturally, we take the security of IE and our users' safety very seriously, so we investigated immediately. We did confirm that the bug crashes IE. However, we did not find that the bug was exploitable by default to elevate privilege and run arbitrary code.

    This bug had already been found during our code review and analysis that is a mandatory part of our development process; it was scheduled to be fixed before our next public release. We do not believe this bug is easily exploitable, and as an extra defense, the /GS flag also catches the overrun. This is a compiler flag that tells Windows to watch for some classes of buffer overflows. If Windows sees a problem, it kills the application, in this case IE, instead of running the exploit code. While this is certainly not our primary line of protection, it does offer defense-in-depth to help keep our customers secure.

    So it appears that Microsoft's new development practices caught this bug internally before it was caught in the public beta, to find bugs like this. It also seems that the overrun is caught and dealt with (causing a crash as overruns should, but not allowing any degree of "control") by the system they are using for development anyway. Apparently the original article has not proven that the bug could be exploited at all yet anyway, so a response from his end will be required before this can really be seen as anything other than the sort of thing that's to be expected from a beta release.
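A simplified model of the stack-cookie check that the quoted response attributes to /GS, as an added example that is not part of the original comment and is not Microsoft's code. The frame layout, cookie value, addresses and function names are assumptions, and the frame is modelled as a byte array so the overrun stays inside defined memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Modelled frame (assumed layout): 16-byte local buffer, then the cookie,
 * then the saved return address. A real /GS frame is laid out by the
 * compiler; this array only imitates the ordering. */
enum { BUF_LEN = 16, COOKIE_OFF = 16, RET_OFF = 20, FRAME_LEN = 24 };

static const uint32_t PROCESS_COOKIE = 0x5EC0DE42u; /* constructed; real cookies are random per process */
static const uint32_t SAVED_RETURN   = 0x00401000u; /* constructed address */

typedef enum { RETURNED_NORMALLY, ABORTED_BY_COOKIE_CHECK } outcome;

/* Prologue: store cookie and return address. Body: copy input into the
 * buffer with the bug (no check against BUF_LEN). Epilogue: compare the
 * stored cookie with the process cookie before the return address is used. */
static outcome call_with_input(const unsigned char *in, size_t len, uint32_t *ret_used)
{
    unsigned char frame[FRAME_LEN];
    uint32_t stored;

    memcpy(frame + COOKIE_OFF, &PROCESS_COOKIE, sizeof PROCESS_COOKIE);
    memcpy(frame + RET_OFF, &SAVED_RETURN, sizeof SAVED_RETURN);

    if (len > FRAME_LEN) len = FRAME_LEN;  /* keep the model itself in bounds */
    memcpy(frame, in, len);                /* the overrun: len may exceed BUF_LEN */

    memcpy(&stored, frame + COOKIE_OFF, sizeof stored);
    if (stored != PROCESS_COOKIE)
        return ABORTED_BY_COOKIE_CHECK;    /* process is killed; return address never used */

    memcpy(ret_used, frame + RET_OFF, sizeof *ret_used);
    return RETURNED_NORMALLY;
}

int main(void)
{
    unsigned char in[FRAME_LEN];
    uint32_t ret = 0;
    memset(in, 'A', sizeof in);
    printf("16 bytes: outcome %d\n", (int)call_with_input(in, BUF_LEN, &ret));
    printf("24 bytes: outcome %d\n", (int)call_with_input(in, FRAME_LEN, &ret));
    return 0;
}
```

The check fires only when the cookie itself is overwritten, which matches the response's wording that the flag catches some classes of buffer overflows and ends in a crash rather than a fix.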