Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Patches "Google Hack" Flaw In IE

Posted by timothy on from the you-saw-this-coming dept.

An anonymous reader writes "As expected, Microsoft has issued an out-of-band security patch to address a remote code execution hole in Internet Explorer that was used in the recent Chinese attacks disclosed by Google. Ars Technica has all the download links you need."

8 of 142 comments (clear)

  1. Just a thought. by burkmat · · Score: 2, Interesting

    Now, if I had that kind of exploit (along with the Windows source code) to play with, and the skills to individually target a specific Google machine, I'd sure as hell make sure to sneak my exploit into the soon-to-appear Microsoft patch site...

    And honestly, so far the chinese have struck me as the competent types.

    1. Re:Just a thought. by phantomcircuit · · Score: 3, Interesting

      And honestly, so far the chinese have struck me as the competent types.

      The several thousand failed attack attempts in my logs would care to disagree.

  2. What if IE could be uninstalled? by davet2001 · · Score: 4, Interesting
    Since I never use IE and never intend to, it's a shame that there's no uninstall option in XP.

    Removing IE would save me bandwidth on all the patches and more importantly spare me the forced reboots.

    I'd probably find that a lot of rendered local text would stop working without IE such as help pages, but I usually find google more effective than built in help these days any way.

    1. Re:What if IE could be uninstalled? by WraithCube · · Score: 3, Interesting

      Troll? I know the parent missed the point of the GP that the operating system should not depend on an html rendering engine of a buggy browser, but is quite far from a troll. He brings up a good point. There are a lot of apps that for right or wrong use the IE rendering engine, including plenty of in house applications.

      As far as removing IE goes, iexplorer.exe will get rid of the gui leaving just the engine behind it. However, removing an html rendering engine should not break an operating system. Years ago I mistakenly tried to forcibly remove the rest of the engine from windows xp and ended up with more errors and problems than I could figure out. It breaks windows explorer and if I remember correctly causes internet connection problems since connection properties are configured through IE.

      Though I would have to call into question how much any modern OS depends on an HTML renderer. Correct me if I'm wrong, but I believe both KDE and GNOME would be able to operate with only minor lost functionality without an html rendering engine. I know khelp uses an html library (that oddly is not installed in opensuse by default). GTK+ and QT can both use webkit, but are in no way dependent on it.

  3. Re:Why not just disable it instead. by Old+Flatulent+1 · · Score: 2, Interesting
    here is a good way to disable IE and make sure that nothing can access it and all stupefied widows only morons will be forced to use the default browser you set up. There sure as heck would not have a clue as to why IE will not work.

    Then remove the entries from the start menu and take all the icons off the desktop. Of course this is not practical with XP but will work just fine with vista and 7 as the updates are independent of the default browser. It will work if you control the updates in XP and only enable IE when a critical update happens.

  4. It could be worse... by Antony-Kyre · · Score: 2, Interesting

    You could be one of those people who is stuck using XP SP1, so it won't install to begin with.

  5. Re:Microsot by Canazza · · Score: 2, Interesting

    That needs qualifying as #1 in the HOME market. There are many more servers running various brands of Unix and Linux out there than there are running IIS or Apache on a Windows box (though not an insignificant ammount).

    Servers are naturally harder to get viruses or trojans onto them as they're generally not used to surf the web, and the only applications executed on them should be done by a responsible sysadmin - who should know better.

    Windows is targeted as it is the #1 Home and Business OS, and as most people are clueless about how the technology actually works (running with admin privileges, surfing dodgy sites, falling for phishing scams, opening spam emails). A street magician or scam artist will only target those people who they see as a patsy. The obvious idiot. The lazy fool. Windows and IE attract them both, and they get burned for it.

    --
    It pays to be obvious, especially if you have a reputation for being subtle.
  6. Re:WTF! FORCED SHUTDOWN by weicco · · Score: 2, Interesting

    Uh! I would love to "upgrade" in-use shared library files so that changes are reflected to loaded instances in every running process! My viruswormtrojan would rule the world!

    --
    You don't know what you don't know.