New Attack Fells Internet Explorer

← Back to Stories (view on slashdot.org)

New Attack Fells Internet Explorer

Posted by Soulskill on Sunday November 22, 2009 @03:33AM from the tricking-an-old-dog dept.

alphadogg writes "Attack code has been identified that could be used to break into a PC running older versions of Microsoft's Internet Explorer browser. The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim's computer."

8 of 202 comments (clear)

Min score:

Reason:

Sort:

Is that supposed to be news?? by rpp3po · 2009-11-22 03:38 · Score: 4, Insightful

Yes, old, unpatched browser versions can be exploited. Is this a joke?
1. Re:Is that supposed to be news?? by UnknowingFool · 2009-11-22 03:53 · Score: 4, Insightful
  
  old != unpatched.
  The article says IE 6 and IE7. It does not say unpatched. For many people these are their current browsers as they have not upgraded to IE 8. For business users, their companies may still insist they use older browsers until they are able to migrate certain software to the new version.
  
  --
  Well, there's spam egg sausage and spam, that's not got much spam in it.
2. Re:Is that supposed to be news?? by DarkOx · 2009-11-22 04:04 · Score: 3, Insightful
  
  Considering how long people hold onto their version of IE, it will be ages until IE7 disappears.
  
  I really don't think you are right about that. There will always be those home users on dialup that don't run automatic updates ever but they are not very useful in a bot net anyway. Most people will get update to IE8 weather they mean to do it or not. IE 6 lives in the corporate space because it was around long enough for its own software ecosystem to develop in and on it. IE7 was around for like a year before 8 was released as beta and 8 does not break much compatibility with 7 its much less significant than 6 -> 7.
  I doubt there is much code out there target at 7 that does not work on 8. The projects that do would have to have been pretty small and would have been designed and completed in a pretty narrow time window between 7's release and the pretty clear public information on what was coming in 8.
  
  --
  Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
3. Re:Is that supposed to be news?? by caluml · 2009-11-22 04:47 · Score: 4, Insightful
  
  I work for a very large bank, and IE 6 is the corporate standard. The banking platform is only designed to work with IE6. Some of the internal admin tools don't work with IE8.
  
  --
  Get your own free personal location tracker
Re:Virus warning by clang_jangle · 2009-11-22 03:52 · Score: 3, Insightful

As soon as I go to the bug trak web site , my snake oil scamware goes off like crazy.
FTFY.

--
Caveat Utilitor
Re:In other news... by koiransuklaa · 2009-11-22 04:23 · Score: 4, Insightful

What does that have to do with anything? Fully patched IE 6 and IE 7 are _supported_ products, the ones you list are not.
Hypocrits! by Anonymous Coward · 2009-11-22 05:09 · Score: 5, Insightful

So, isn't the responsible thing to do to notify Microsoft, and given them adequate time to produce a patch?
By posting the exploit to a public list, this guy is basically handing the bad guys a weapon. That's criminal. But because it's a Microsoft product, the Slashdot folks just eat that up -- Hey, fuck'em, they're running Wind0ze!!!111
Re:Not aware of a patch? by 0123456 · 2009-11-22 06:07 · Score: 3, Insightful

Surely one of the main reasons for having web based applications in the first place is to get some independence from the clients' platform.
You haven't been in IT long, have you?