Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Says Upgrade To IE8, Even Though It's Vulnerable

Posted by CmdrTaco on from the oh-we'll-fix-it-eventually dept.

Barence writes "Microsoft has issued a statement urging people to upgrade their browser to IE8, after the zero-day exploit that was used to attack companies such as Google went public. According to Microsoft's security advisory: 'the vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.' But, although IE6 has been the source of the attacks until now, Microsoft's advisory admits that both IE7 and IE8 are vulnerable to the same flaw, even on Windows 7."

3 of 279 comments (clear)

  1. Re:IE8 has the flaw but is immune... by Antiocheian · · Score: 0, Troll

    Sandboxing & virtualization of a sick browser is not a panacea. If the sandboxed application is compromised, it could still be controlled in its own domain and compromise cookies, passwords and anything else that it obtainable in its virtual space. It could still be used for malicious purposes, purposes that can could result in a knock on the door from the law.

    A hale and open sourced browser is the only safe way to go. Screw IE, any version.

    Was it not the browser that would install keyloggers and dialers through the press of the [Enter] key as it would default on installation of any "signed" ActiveX, not matter how fucked up it was? Yes! Did these people have any idea of what was happening on the Internet? Yes! Fuckit, the said, system-browser integration is not debatable; Microsoft had their fun killing Netscape, now we have our fun watching them trying to fix the mess. (They wont).

  2. Re:Upgrade to Opera by lorenlal · · Score: 0, Troll

    I dunno... If these folks are using IE6, and don't have any clue what they're doing, wouldn't they just be better off without a web browser? They'll find a way to stumble along something dangerous regardless of what anyone does to help them protect themselves.

    I think that we should encourage these users to upgrade to the "offline experience."

  3. Re:IE8 has the flaw but is immune... by Antiocheian · · Score: 0, Troll

    Ignoring the fact that they've come along way in both securing the browser and supporting standards shows nothing they do would make you happy.

    This guy is talking about Microsoft ?

    Somebody give me a clue, please.