Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Issues Emergency IE Security Update

Posted by CmdrTaco on from the press-the-panic-button dept.

WrongSizeGlass writes "CNET is reporting that Microsoft has issued an emergency patch for 10 IE security holes. 'The cumulative update, which Microsoft announced on Monday, resolves nine privately reported flaws and one that was publicly disclosed. ... Software affected by the cumulative update addressing all the IE vulnerabilities includes Windows 2000, Windows XP, Windows Server 2003 and Server 2008, Vista, and Windows 7.'"

12 of 114 comments (clear)

  1. Pwn2own strikes again by sxedog · · Score: 4, Informative

    Amazing... that was only a week ago!

    --
    If it ain't broke, DON'T fix it.
    1. Re:Pwn2own strikes again by amicusNYCL · · Score: 4, Insightful

      idiots who want to use what they don't understand deserve to get 0wned.

      Totally. All those drooling idiots driving cars without knowing how to rebuild an engine and transmission are just asking for it.

      --
      "Our two-party system is like a bowl of shit looking at itself in a mirror." - Lewis Black
  2. Cnet link not really informative by Bearhouse · · Score: 4, Informative

    Ms link here:

    http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx

    No real sweat for IE8 on Win7...

    1. Re:Cnet link not really informative by malloc · · Score: 4, Insightful

      To me "No real sweat" != "Windows 7 - Internet Explorer 8 - Remote Code Execution - Critical "

      --
      ___________________ I want to be free()!
    2. Re:Cnet link not really informative by natehoy · · Score: 3, Informative

      Actually, it is.

      This release also addresses CVE-2010-086, which is no sweat for IE8 on Win7, as you say. But note the term "also addresses". That's an important term.

      One or more of the other nine vulnerabilities the fix is being released for is labeled as critical, and can cause remote code execution.

      Specifically, CVE-2010-0490 (Uninitialized Memory Vulnerability) and CVE-2010-0492 (HTML Object Memory Corruption Vulnerability) are both listed specifically as "Critical - Remote Code Execution" for Windows 7 (both 32 and 64-bit) for Internet Explorer 8. CVE-2010-0494 (HTML Element Cross-Domain Vulnerability) is listed as "Important - Information Disclosure".

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    3. Re:Cnet link not really informative by WrongSizeGlass · · Score: 3, Informative
      Actually, IE 8 and Windows 7 are listed in that very link you posted.

      Internet Explorer 8:
      * Windows XP Service Pack 2 and Windows XP Service Pack 3
      * Windows XP Professional x64 Edition Service Pack 2
      * Windows Server 2003 Service Pack 2
      * Windows Server 2003 x64 Edition Service Pack 2
      * Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2
      * Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2
      * Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
      * Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
      * Windows 7 for 32-bit Systems
      * Windows 7 for x64-based Systems
      * Windows Server 2008 R2 for x64-based Systems**
      * Windows Server 2008 R2 for Itanium-based Systems

  3. Better links here: by Anonymous Coward · · Score: 5, Funny

    Link 1
    Link 2

    1. Re:Better links here: by Ron+Bennett · · Score: 3, Interesting

      Firefox is nice and is my default browser, but not much better than IE8 when it comes to security vulnerabilities.

      For example, many feel Firefox is so much more secure than IE8 and yet why is that pop-unders (not the same as pop-ups, which FF does a good job blocking) from the likes of Netflix, even after years of complaints, still hasn't been addressed?

      Surely, if unwanted pop-unders can slip through in Firefox, likely so can other unwanted things. Despite being an open-source program, I'm surprised there's still no built-in defense against pop-unders in Firefox. Yes, I know there's Adblock, but that comes with a bunch of overhead and, from what I've read, doesn't always block pop-unders either. End of rant.

    2. Re:Better links here: by Enderandrew · · Score: 4, Insightful

      If Chrome had a better ad-blocking solution, I'd agree with you. All the Chrome ad-blockers still render/run the ad in the background

      I was reading AintItCoolNews with Chrome, and some ad in the background downloaded and opened a PDF without asking me, which Microsoft Security Essentials was quick to report had malicious code in it.

      With Firefox and Adblock Plus, I never see ads. Where are most of these exploits going to originate from? Ads.

      --
      http://blindscribblings.com - Tasty pop-culture in conceptual fashion.
    3. Re:Better links here: by aztracker1 · · Score: 3, Informative

      Re-read the GP.. the content still gets rendered, even if you don't see it... Which means any exploits still get through.

      --
      Michael J. Ryan - tracker1.info
  4. My solution by stonewallred · · Score: 3, Funny

    I just don't use any browser. I refuse to use one that is not 110% secure. Plus it saves me tons of money by not having to pay for internet connection. When I really need to cruise the web, I just plug in the brainstem actualizer and use an avatar to swim through a virtual reality version of the net. And I fight off viruses and malware using a lightsaber. Ya'll really need to come to the real geek heaven.

  5. Reboot???!! by jon_cooper · · Score: 3, Insightful
    Why on earth do I have to reboot my system just to patch a web-browser????

    Grrrrr!!!

    And yes, that was a rhetorical question.