New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe

An anonymous reader writes "Criminals are using a new Internet Explorer security hole to attack Windows computers in targeted attacks, though the vulnerability could end up being more widely exploited. While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are. It's great to see that the latest versions of IE are immune, but this new vulnerability is still bad news for Windows XP users and earlier since they cannot upgrade to more recent versions of Microsoft's browser. 'We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,' Dustin Childs of Microsoft Trustworthy Computing told TNW. 'We will take appropriate action to help keep customers protected once our analysis is complete. People using Internet Explorer 9-10 are not impacted.'"

I do feel sorry for XP users

I tried out IE 10 and it was great. It downloaded firefox and chrome even better than ever. People who haven't updated should. Too bad XP users can't use it though.

Gotta love the summary

[MyLongNickName]

Title: New IE Vulnerability Used In Targeted Attacks; IE9, IE10 Users Safe
Sentence Two: While IE9 and IE10 are not affected, versions IE6, IE7, and IE8 are
Then: "We are actively investigating reports of a small, targeted issue affecting Internet Explorer 6-8,"
Then: People using Internet Explorer 9-10 are not impacted.""

Could someone please tell me which versions are vulnerable and which ones are not?

Arrogant Computing Users

[tuppe666]

Anyone still using IE6 or IE7 deserves to get hacked anyway. I might have a crocodile tear for IE8 users

I not a doctor - Do I deserve to get sick, I'm not a mechanic - Do I have to walk..How about fixing leaky tap!...how about making a violin!!. I am not an expert in everything, and have been rarely been out of education, some things take years to learn. The truth is why should everyone be executed to be experts at computing.The sad fact is the world is moving towards electronics away from general purpose computers...making experts like you redundant!

Obligatory update patch

[linebackn]

Obligatory: Get the update patch here: http://www.mozilla.org/en-US/firefox/new/

Re:I don't feel sorry for those IE users

[Kergan]

Why would anyone deserve to get hacked for just running an old version of a software?

Because the immense majority of them are corporate users whose IT managers should know better.

Re:The remaining (ironic) reason I still use IE

[Kergan]

Have you tried actually uninstalling Flash? When you do, YouTube serves an html5 video.

What about Compatibility View?

[93+Escort+Wagon]

Compatibility View seems to turn IE 8-10 into IE 7... And I find people using it all the bloody time (and for no good reason other than they didn't like how the newer version CORRECTLY rendered some random page they were used to seeing broken!). So is Compatibility View immune to the exploit? I'm unclear whether IE has a separate engine for this or just uses some bizarre CSS definitions to achieve the brokenness...

It has to be said.

[AliasMarlowe]

TFA implies that IE9 and IE 10 users are not vulnerable to this attack. Well, neither are Firefox users, nor Opera users, nor Chromium users, nor Safari users, nor ... and the list goes on and on. Oh and obviously people using BSD or Linux or Mac are not vulnerable either.

Re:Portablility a feature

[disambiguated]

Negative. The Mac and *nix versions of IE were completely separate code bases, developed by completely separate teams.