Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft To Issue Emergency IE Patch

Posted by samzenpus on from the protect-ya-neck dept.

CWmike writes "Microsoft will release its emergency patch for Internet Explorer on Thursday, the company said, as it also admitted that attacks can be hidden inside rigged Office documents. 'We are planning to release the update as close to 10:00 a.m. PST as possible,' said Jerry Bryant, a program manager with the IE group. Microsoft has updated the security advisory it originally published last week when it acknowledged a zero-day IE vulnerability had been used by hackers to break into the corporate networks of Google and other major Western companies. Google has alleged that the attacks were launched by Chinese attackers. Subsequently, security experts have offered evidence that links the attacks to China."

10 of 79 comments (clear)

  1. Yikes by goldaryn · · Score: 4, Informative

    Affected Software
    Microsoft Windows 2000 Service Pack 4
    Windows XP Service Pack 2 and Windows XP Service Pack 3
    Windows XP Professional x64 Edition Service Pack 2
    Windows Server 2003 Service Pack 2
    Windows Server 2003 x64 Edition Service Pack 2
    Windows Server 2003 with SP2 for Itanium-based Systems
    Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
    Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
    Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
    Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service pack 2
    Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
    Windows 7

    "Windows 7: with multi-core optimisations and improved app performance, be compromised faster than ever before!"

    1. Re:Yikes by goldaryn · · Score: 5, Funny

      I have Windows 7 Home Premium x64 Edition. Did you forget to copy that part of the list or have my early-adoption habits finally been rewarded? If so then at last all the years of no driver support, software incompatibility and system instability were worth it!

      Windows 7 for x64-based Systems
      Windows Server 2008 R2 for x64-based Systems
      Windows Server 2008 R2 for Itanium-based Systems
      Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
      Internet Explorer 6 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
      Internet Explorer 6 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2
      Internet Explorer 7 for Windows XP Service Pack 2 and Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
      Internet Explorer 7 for Windows Server 2003 Service Pack 2, Windows Server 2003 with SP2 for Itanium-based Systems, and Windows Server 2003 x64 Edition Service Pack 2
      Internet Explorer 7 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
      Internet Explorer 7 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
      Internet Explorer 7 in Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
      Internet Explorer 7 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
      Internet Explorer 8 for Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows XP Professional x64 Edition Service Pack 2
      Internet Explorer 8 for Windows Server 2003 Service Pack 2, and Windows Server 2003 x64 Edition Service Pack 2
      Internet Explorer 8 in Windows Vista, Windows Vista Service Pack 1, Windows Vista Service Pack 2, Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
      Internet Explorer 8 in Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
      Internet Explorer 8 in Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
      Internet Explorer 8 in Windows 7 for 32-bit Systems
      Internet Explorer 8 in Windows 7 for x64-based Systems
      Internet Explorer 8 in Windows Server 2008 R2 for x64-based Systems
      Internet Explorer 8 in Windows Server 2008 R2 for Itanium-based Systems
      Non-Affected Software
      Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service Pack 4

      Hahahaha. Take that Firefox/Chrome/Opera users! I'm running Internet Explorer 5.01 Service Pack 4 for Microsoft Windows 2000 Service Pack 4! SucNO CARRIER

    2. Re:Yikes by Hurricane78 · · Score: 5, Insightful

      Looks like a basic architectural problem. Or else it would nor persist as long, trough so many changes.

      No need to bash MS on top of the usual, because Win7 still has it. Think of a basic core library that just works since back then and does not need changing. You overlooked something, and someone found a way that you did no think about.
      That’s normal, an can happen to anyone.

      It’s usually not the bugs that are the problem. Everything has bugs.
      It’s the way MS handles fixing them. With massive denial, attacking others for mentioning it, and then a very very late, half-assed patch that needs another patch to patch the patch.
      That’s the real problem.

      Would MS just have a normal bugzilla, and in the normal case quickly fix the important bugs, I would have no problem with that. Mozilla does it just like that. And even Mozilla has a couple of long-standing bugs. I guess every big software has them. Because every software has a base architecture that you can only re-build every so many years in the complete rewrite. So bugs that don require that architecture to change can’t simply be fixed.
      Oh, that reminds me, that for IE, that rewrite is long overdue. That’s the reason there are so many big bugs in there. But I don’t see MS doing a complete rewrite, unless they are forced to completely throw away the old Trident engine.

      --
      Any sufficiently advanced intelligence is indistinguishable from stupidity.
  2. Another blow to Open Office. by 140Mandak262Jamuna · · Score: 4, Funny

    "Microsoft will release its emergency patch for Internet Explorer on Thursday, the company said as it also admitted that attacks can be hidden inside rigged Office documents. '

    Now to be 100% compatible with Microsoft Office, the OpenOffice developers have to work day and night to get this bug/hole/exploit to work exactly the same way in OpenOffice too. I have heard OpenOffice people bitch and moan, "Microsoft keeps changing file formats and APIs deliberately forcing us to do so much of work catching up", now I sympathize. I understand how difficult it would be to code up a gaping security hole that works exactly like it does in the De-Facto Standard.

    That brings up another issue. The ISO committee now has to redo the standards to allow this exploit into the OOXML-is-standard-too document. But fortunately the 6000 page standard definition was already in the form of a doc file with this specially crafted backdoor in place. So Microsoft was able to step in, do the modification needed, and set the flags to erase all evidence of the edit and exit. The committee chairman Soldou Tothem expressed his gratitude to Microsoft and complimented their foresight in incorporating such back doors into the standards document.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  3. Shows difference between IT and politics by thijsh · · Score: 5, Insightful

    It only shows that warnings are never heeded when coming from the insiders and professionals. It takes global companies and several countries to ring the bell for MS to step up and patch exploits faster...
    It's not really news that lots of exploits could (and probably were) abused for espionage (both corporate and international). But only now that 'teh evil chinese' are happily hacking along some action is taken.
    This is exactly the kind of problem that could be avoided by listening to security experts.

    Thanks M$ for giving a crap about the security of users, companies and countries... You're a few years too late stepping up the game, but please keep it up, we might as well have security as an afterthought instead of no security at all.

  4. Comment removed by account_deleted · · Score: 3, Insightful

    Comment removed based on user account deletion

  5. Re:Define Emergency by Rogerborg · · Score: 4, Informative

    Literal answer: Microsoft classes anything that's not released on Patch Tuesday as an emergency (aka "out of band", but potaYto, potaHto) patch.

    --
    If you were blocking sigs, you wouldn't have to read this.
  6. Re:Brrrrrrr! Sorry. Wrong Name. by Rogerborg · · Score: 3, Funny

    In Microsoft "it's not an emergency, it's an..." parlance, that would be an out-of-band-aid.

    --
    If you were blocking sigs, you wouldn't have to read this.
  7. Re:stolen source by rtfa-troll · · Score: 3, Insightful

    Microsoft has given the Chinese government preferential access to the Windows Source code. They even set up a lab of security researchers to look for vulnerabilities in the code. I don't think leaks onto the internet have anything to do with it. It's kind of like all the possible disadvantages of OSS with none of the advantages.

    --
    =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
  8. Attack from the source by Judebert · · Score: 3, Interesting

    As I recall, the Chinese government has access to the Windows source code. Google's been claiming that the Chinese government launched the attacks, and security experts have backed them up. The obvious conclusion is that having the source gave the Chinese government the opportunity to develop a new attack against Windows.

    While some might see this as an argument against Open Source security products, I see exactly the opposite. The closed source made it possible for the only party with the source to gain an advantage. In products where the source is available to everyone, there is no advantage to any party. Therefore the holes are found and sealed, instead of left to fester, like this one was.

    --

    For geek dads: Contraction Timer