Slashdot Mirror


IE Patch To Fix 57 Vulnerabilities

Billly Gates writes "Microsoft is advising users to stick with other browsers until Tuesday, when 57 patches for Internet Explorer 6, 7, 8, 9, and even 10 are scheduled. There is no word if this patch is to protect IE from the 50+ Java exploits that were patched last week or the new Adobe Flash vulnerabilities. Microsoft has more information here. In semi-related news, IE 10 is almost done for Windows 7 and has an IE10 blocker available for corporations. No word on whether IE 10 will be included as part of the 57 updates."

  1. Why would the Java exploits be related? by thue · · Score: 4, Insightful

    IE10 bundles Flash, so I guess the flash bugfixes can be related.

    But IE does not bundle Java - why would the IE bugfixes be related to the Java bugfixes?

    1. Re:Why would the Java exploits be related? by kthreadd · · Score: 1
    2. Re:Why would the Java exploits be related? by colfer · · Score: 1

      The Mozilla plugin check tool can be used in any browser, and reports Flash on IE10 on Win8 is still "outdated": https://www.mozilla.org/en-US/plugincheck/
      But the tool can be inaccurate for some browsers. At this time it does show Flash on Chrome as up-to-date. Chrome also bundles its own Flash. Firefox shows as OK too, after you update. If you try to update Flash in IE10 you get a notice that Flash is bundled, but it also says you can install it if you really want to.

    3. Re:Why would the Java exploits be related? by hairyfeet · · Score: 1

      I doubt seriously they have anything to do with Java, it's just some name dropping to make TFA more "trendy".

      But THIS is why I don't recommend IE and in fact go out of the way to make sure my customers have IE alternatives installed. IE could be the greatest browser on the planet but because it's the browser of the clueless it has a 50 foot bullseye painted right in the middle of its too juicy a target.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  2. Seriusly? by Anonymous Coward · · Score: 1

    "Microsoft is advising users to stick with other browsers until Tuesday"

    Ok everybody! go and install Firefox or Chrome!

    1. Re:Seriusly? by jones_supa · · Score: 5, Informative

      There seems to be a mistake in the summary. The ZDNet article says "With this in mind, users are advised to switch to another browser for the next few days until the updates are released." That seems like ZD's own recommendation, I couldn't find that from the MS security bulletins.

    2. Re:Seriusly? by mwvdlee · · Score: 1

      I was surprised at reading that in TF(UBAR)S as well; the only reason I can imagine for MS saying that is if they were planning to drop IE altogether... somewhat unlikely.

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    3. Re:Seriusly? by Snowhare · · Score: 1

      I think MS may have revised the tech note after ZDNet wrote their story. It was offline for a little while after the story came out, and then came back again.

    4. Re:Seriusly? by LVSlushdat · · Score: 1

      I advise all my clients who are *still* on Windows to stay the hell away from IE period.. Firefox/Chrome/Opera are FAR superior to the "swiss-cheese" security environment of MS's turd browser.. So that I'm not *completely* negative, they have come a long ways with what I've seen of IE10, but they make up for that win with the abortion they call Unity/Windows 8.. I'm sure Metro is just fine on a tablet, but on a desktop with keyboard/mouse??? They HAD to be smoking some serious shit...

      --
      THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)
    5. Re:Seriusly? by smash · · Score: 1

      Firefox, Chrome and Opera have their own issues. Firefox has issues with multiple levels of proxy chaining in certain environments. IE security can be managed via filtering proxies, security zones, UAC, etc. Incompatibility between other browsers and business apps often cannot.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
    6. Re:Seriusly? by smash · · Score: 1

      This. People running IE don't WANT to be running IE. Managing the security problems is just a lot easier than replacing apps that break, dealing with no central policy management or update management, etc.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  3. Microsoft is advising users to stick with other.. by ark1 · · Score: 5, Insightful

    browsers. Where did you get this information? The MS bulletin does not state that and I doubt MS would ever make such a recommendation no matter how serious the bug was.

  4. Someone got on their case by eksith · · Score: 5, Informative

    The fact that IE6 is being patched means someone dropped a NS bomb on them (National Security) which is a surefire way to motivate companies to keep their software secure. I know it's not the favorite company here, but they fought (sometimes dirty) to get where they are. They made it and have to deal with the "now what?" phase. Software monocultures suck no matter whose culture it is.

    What I found really interesting is that bulletins 7-9 and 11 are for escalation of privilege whereas the rest are for remote code execution. Which means, it may not have helped much to be logged in as an unprivileged user anyway.

    --
    If computers were people, I'd be a misanthrope.
    1. Re:Someone got on their case by Runaway1956 · · Score: 1

      I saw that. I thought, "Hey, I could be a grammar nazi here." Then, I thought, "Yeah, but why be a douche?" Then, I found your post. So, yeah . . . whatever . . .

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    2. Re:Someone got on their case by eksith · · Score: 2

      I don't know about confirmation bias, but I've hidden scores so I can focus more on the crux of the message vs. catering to some perceived acceptance. You should try it too so you won't be needlessly aggravated over a number in a database.

      And the IE6 support until 2014 makes my argument still valid, i.e. a large percentage still uses it, which makes every vulnerable user potentially drafted into a bot army. And botnets, last I checked, are still considered a threat to NS.

      --
      If computers were people, I'd be a misanthrope.
    3. Re:Someone got on their case by Ralish · · Score: 4, Informative

      The fact that IE6 is being patched means someone dropped a NS bomb on them (National Security)...

      It's being patched because IE6 shipped with Windows XP and MS guarantees they will support the version of IE that was shipped with a given release of Windows for the support lifetime of that Windows release. Windows XP is supported into 2014, so Internet Explorer 6 on Windows XP is as well. This is not a secret.

    4. Re:Someone got on their case by smash · · Score: 1

      In other words, blame all the "you'll prise XP from my cold dead hands" blow-hards.

      --
      I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
  5. Excellent summary! by YrWrstNtmr · · Score: 5, Funny

    ...57 patches for Internet Explorer 6, 7, 8, 9, and even 10 are scheduled.
    and
    No word on whether IE 10 will be included as part of the 57 updates.

    Did you even read what you wrote?

    1. Re:Excellent summary! by rjr162 · · Score: 2

      Re-read.. part of the updates are patches, including patches for IE 10, BUT it's not known if one of the updates is the actual upgrade to IE 10 itself... was that so hard to understand? (I realize it could have been worded a bit better, but it's still not hard to figure out)

    2. Re:Excellent summary! by jones_supa · · Score: 1

      I wonder if you did not read it.

      IE 10 is almost done for Windows 7 and has an IE10 blocker available for corporations. No word on whether IE 10 will be included as part of the 57 updates.

      It's talking about IE 10 being released for Windows 7.

    3. Re:Excellent summary! by YrWrstNtmr · · Score: 1

      I get it. But as you say, it could have been worded a bit better.

  6. Re:Microsoft is advising users to stick with other by djmurdoch · · Score: 4, Informative

    The submitter got it by misreading the ZDnet article. It was the author of that article (Zack Whittaker) who made the recommendation, not MS.

  7. ZDNet = Garbage by Anonymous Coward · · Score: 2, Informative

    There are 12 vulnerabilities and 57 patches across all their operating systems. 2 are critical.

  8. Re: Microsoft is advising users to stick with othe by Anonymous Coward · · Score: 1

    "The submitter got it by misreading the ZDnet article. It was the author of that article (Zack Whittaker) who made the recommendation, not MS."

    Just as well timothy picked it up in editing. Oh, wait...

  9. Microsoft Dynamics is a POS by tepples · · Score: 1

    Not being able to actually uninstall your POS

    Even Microsoft admits that its software is a POS.

    But seriously, I've rescued several failed Windows PCs by replacing the OS with Ubuntu. Retraining casual users from Windows to Xubuntu isn't as hard as some people claim.

    1. Re:Microsoft Dynamics is a POS by s7uar7 · · Score: 2

      "Hey tepples, I've just bought an iPhone but can't get iTunes to install on that PC of mine that you fixed. Could you come round and take a look please? I'm also having problems getting Netflix to work; could you take a look at that too, please? "

    2. Re:Microsoft Dynamics is a POS by jones_supa · · Score: 1

      But seriously, I've rescued several failed Windows PCs by replacing the OS with Ubuntu. Retraining casual users from Windows to Xubuntu isn't as hard as some people claim.

      I still don't like the idea of shoving Linux down the throats of clueless people when their PC breaks. What if they need to use Office, play some random game, use a new piece of hardware, or if the system upgrade leaves the computer in an unbootable state. They will be less likely to get fucked under Windows in such cases.

    3. Re:Microsoft Dynamics is a POS by gQuigs · · Score: 1

      Yea.. I tell them what the pros and cons are before I give them a PC (with Ubuntu or Windows). Do iPhones really still need software installed on the PC? I thought they finally got better than that?

      For Netflix I would say: there is currently a way to play Netflix but it is not supported by Netflix officially and I wouldn't depend on it as your only way to play Netflix.

      http://www.omgubuntu.co.uk/2012/11/how-to-use-netflix-on-ubuntu

  10. Re: Microsoft is advising users to stick with othe by Runaway1956 · · Score: 1

    "excites their target audience into high levels of self-congratulatory mental masturbation?"

    Mental? Why would you throw such an extraneous word into that statement?

    'Scuse me, I gotta get strokin'!

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  11. Re: Microsoft is advising users to stick with othe by tgd · · Score: 1

    "excites their target audience into high levels of self-congratulatory mental masturbation?"

    Mental? Why would you throw such an extraneous word into that statement?

    'Scuse me, I gotta get strokin'!

    Well, I'm assuming it's hard to frantically reply on Slashdot in one window, and surf 4chan in another, with one hand occupied.

  12. Re:"stick with other browsers" by Runaway1956 · · Score: 1

    You can't exactly "uninstall" the browser, but you can remove it from the installation media, thereby preventing its installation. But, you knew that, right?

    http://www.nliteos.com/

    It's been years since I used this, but it worked great back then!

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  13. exciting by hraponssi · · Score: 2

    First Oracle releases patches for 50 Java vulnerabilities, now Microsoft does better with 57 for IE. Who will be the first to go over 60 in the competition?

    In any case, it seems we are doomed as far as security on the Internet goes. Kinda depressing.

    1. Re:exciting by jones_supa · · Score: 2

      Who knows, maybe they are just paying attention to security and actually fixing their shit.

    2. Re:exciting by bruce_the_loon · · Score: 1

      He's obviously got 107 zero-day attack vectors all lined up for a Valentine's Day massacre and Oracle patched away most of them and MS is gonna kill the rest come Tuesday.

      --
      Trying to become famous by taking photos. Visit my homepage please.
  14. Re:IE 6? by sbditto85 · · Score: 1

    Why is this down voted?!? As a web developer I wish IE 6 would disappear into a deep dark recess and never come out! For the site I develop we stopped supporting it ages ago and instead post a banner that basically says "HEY! STOP IT! Upgrade or get a different browser you ninnies" ... something like that if I remember right.

  15. Re: Microsoft is advising users to stick with othe by fibonacci8 · · Score: 1

    Do not tempt Rule 34.

    --
    Inheritance is the sincerest form of nepotism.
  16. Re:IE 6? by Billly+Gates · · Score: 1

    Why is this down voted?!? As a web developer I wish IE 6 would disappear into a deep dark recess and never come out! For the site I develop we stopped supporting it ages ago and instead post a banner that basically says "HEY! STOP IT! Upgrade or get a different browser you ninnies" ... something like that if I remember right.

    It pretty much has. Not even Microsoft's website works properly in it anymore and if MS abandons it you can consider it effectively dead for all but specialized internal apps.

    With VMWare and Citrix as well as Windows Server 2003 you can virtualize and run your crappy app inside a modern browser. There is no good business case to use it on a desktop anymore as it is in the realms of legacy x3270 terminal programs now. May it RIP.

    That is why it is modded down. The last place I saw it used was in 2011 on a desktop. IE 8 on the other hand will be the next big challenge as corps use only that version because it is a stopover between XP and Windows 7 and you can pry IE 8 off their cold dead hands.

  17. Re:Internet Explorer 6? by Osgeld · · Score: 2

    so it still performs just as well as when it was released?

  18. Such a user can re-buy Windows by tepples · · Score: 1

    What if they need to use Office, play some random game, use a new piece of hardware

    Such a user can buy a copy of Windows to replace the copy on the restore disc or restore partition that he admits having lost. When deciding whether to install Windows or Xubuntu for a family member, I make sure to ask what applications the user most commonly uses, and then I weigh that against whether or not the user has the install media and certificate of authenticity for a supported Windows operating system handy. And by "supported" I mean both whether or not the operating system is compatible with the hardware and how long until the announced end of life. For example, I'd consider Windows XP unsupported because security updates will end in 14 months.

    or if the system upgrade leaves the computer in an unbootable state

    How is this less likely to happen in an upgrade from Windows XP to Windows Vista, from Windows Vista to Windows 7, or from Windows 7 to Windows 8, than in an upgrade from (say) Ubuntu 10.04 to Ubuntu 12.04?

    1. Re:Such a user can re-buy Windows by jones_supa · · Score: 1

      Such a user can buy a copy of Windows to replace the copy on the restore disc or restore partition that he admits having lost. When deciding whether to install Windows or Xubuntu for a family member, I make sure to ask what applications the user most commonly uses, and then I weigh that against whether or not the user has the install media and certificate of authenticity for a supported Windows operating system handy. And by "supported" I mean both whether or not the operating system is compatible with the hardware and how long until the announced end of life. For example, I'd consider Windows XP unsupported because security updates will end in 14 months.

      Just install Windows 7 from a Digital River image and use Daz Loader. Illegal but practical. Ethically this should be fine as the user most likely paid the Windows tax when he bought the computer.

      or if the system upgrade leaves the computer in an unbootable state

      How is this less likely to happen in an upgrade from Windows XP to Windows Vista, from Windows Vista to Windows 7, or from Windows 7 to Windows 8, than in an upgrade from (say) Ubuntu 10.04 to Ubuntu 12.04?

      I meant applying the everyday updates, not a major version upgrade.

    2. Re:Such a user can re-buy Windows by tepples · · Score: 2

      Have you ever actually performed a larger update of Ubuntu?

      You mean like 9.10 to 10.04 to 10.10 to 11.04 to 11.10 to 12.04 on my laptop, or 8.04 to 10.04 on my web development workstation at work? Those went fairly smoothly, with a few (solvable) hardware-related issues that were not much bigger than the typical issues after a major Service Pack on Windows.

    3. Re:Such a user can re-buy Windows by tepples · · Score: 1

      I meant applying the everyday updates, not a major version upgrade.

      I've never had (the GUI equivalent of) sudo sh -c 'apt-get update; apt-get upgrade; reboot' cause boot failure in over four years.

    4. Re:Such a user can re-buy Windows by jones_supa · · Score: 1

      Ok, maybe it actually isn't as bad as I thought.

    5. Re:Such a user can re-buy Windows by geminidomino · · Score: 1

      I never bothered going from version to version since way back when they said the best approach was a wipe and reinstall.

      I can say this though: Ubuntu's attitude as of Precise still seems to be "Fuck you if you're going from LTS to LTS."

  19. Re:Internet Explorer 6? by Billly+Gates · · Score: 1

    You are wrong Osgeld. You need to see IE in action.

  20. Editorial standards are for lamers by Ralish · · Score: 4, Informative

    At least, I assume that is the prevailing attitude on Slashdot these days? Let's see:

    IE Patch to Fix 57 Vulnerabilities
    No, as per the linked Security Bulletin Advance Notification a total of 57 vulnerabilities are being fixed across Windows, Internet Explorer, Office & the .NET Framework. There are not 57 vulnerabilities exclusively in Internet Explorer as the title suggests. We can likely further expect certain vulnerabilities to only be applicable to certain versions of Internet Explorer once the full details are available.

    Microsoft is advising users to stick with other browsers until Tuesday
    Source?

    ...when 57 patches for Internet Explorer 6, 7, 8, 9, and even 10 are scheduled.
    No, as noted above, the vulnerabilities are across a variety of products. Further, 13 "patches" (aka. updates or bulletins if you prefer) are being released as multiple vulnerabilities are often patched in a single update. As per the linked bulletin, there are two bulletins being released for Internet Explorer, which would typically result in two updates for Internet Explorer for a given Windows installation. Of course, there'll be many different updates released for different versions of IE and architectures (i.e. 32-bit/64-bit/etc...) but a given Windows installation shouldn't have more than two applicable to it.

    No word on whether IE 10 will be included as part of the 57 updates.
    Apart from the explicit reference to Internet Explorer 10 being affected by at least some of these vulnerabilities in the linked MS Advance Notification? Have you tried reading the very articles you post? I'm reliably informed it helps comprehension.

    Are the editors trying to set a new record for inaccuracies within a small paragraph of text?

  21. We don't need no stinking... by Chordonblue · · Score: 1

    Patches, you say? What about SP2 for Win 7? Other than making us move to Win 8, is there a good reason why I should have to d/l 250+ MB on a clean install? A roll up for .NET 4 would be in order as well...

    --
    "...Well, there's egg and bacon; egg sausage and bacon; egg and spam; egg bacon and spam; egg bacon sausage and spam..."
    1. Re:We don't need no stinking... by aa_trna_syn · · Score: 1

      Definitely. Would be even better after this next Patch Tuesday. Don't see it happening, though.

  22. Microsoft advising what? by gtirloni · · Score: 1

    "Microsoft is advising users to stick with other browsers until Tuesday"

    I see.

    --
    none
  23. Microsoft reminds me of the food company Heinz now by acid_andy · · Score: 1

    57 Varieties - of vulnerability!

    --
    Your ad here.
  24. Re:So What ? by geminidomino · · Score: 1

    All of which is absolutely useless if you consider that the most common use case for LTS is for servers, and "wipe and reinstall" means a lot more downtime than would be necessary if the upgrade process wasn't utterly braindead.