New Attack Fells Internet Explorer

alphadogg writes "Attack code has been identified that could be used to break into a PC running older versions of Microsoft's Internet Explorer browser. The code was posted Friday to the Bugtraq mailing list by an unidentified hacker. According to security vendor Symantec, the code does not always work properly, but it could be used to install unauthorized software on a victim's computer."

Is that supposed to be news??

[rpp3po]

Yes, old, unpatched browser versions can be exploited. Is this a joke?

Re:Is that supposed to be news??

[UnknowingFool]

old != unpatched.

The article says IE 6 and IE7. It does not say unpatched. For many people these are their current browsers as they have not upgraded to IE 8. For business users, their companies may still insist they use older browsers until they are able to migrate certain software to the new version.

Re:Is that supposed to be news??

[caluml]

I work for a very large bank, and IE 6 is the corporate standard. The banking platform is only designed to work with IE6. Some of the internal admin tools don't work with IE8.

Re:In other news...

[koiransuklaa]

What does that have to do with anything? Fully patched IE 6 and IE 7 are _supported_ products, the ones you list are not.

Hypocrits!

So, isn't the responsible thing to do to notify Microsoft, and given them adequate time to produce a patch?

By posting the exploit to a public list, this guy is basically handing the bad guys a weapon. That's criminal. But because it's a Microsoft product, the Slashdot folks just eat that up -- Hey, fuck'em, they're running Wind0ze!!!111