IE Patch To Fix 57 Vulnerabilities

← Back to Stories (view on slashdot.org)

IE Patch To Fix 57 Vulnerabilities

Posted by timothy on Saturday February 9, 2013 @02:24AM from the there's-a-sauce-for-that dept.

Billly Gates writes "Microsoft is advising users to stick with other browsers until Tuesday, when 57 patches for Internet Explorer 6, 7, 8, 9, and even 10 are scheduled. There is no word if this patch is to protect IE from the 50+ Java exploits that were patched last week or the new Adobe Flash vulnerabilities. Microsoft has more information here. In semi-related news, IE 10 is almost done for Windows 7 and has a IE10 blocker available for corporations. No word on whether IE 10 will be included as part of the 57 updates."

16 of 91 comments (clear)

Min score:

Reason:

Sort:

Why would the Java exploits be related? by thue · 2013-02-09 02:29 · Score: 4, Insightful

IE10 bundles Flash, so I guess the flash bugfixes can be related.
But IE does not bundle Java - why would the IE bugfixes be related to the Java bugfixes?
Microsoft is advising users to stick with other.. by ark1 · 2013-02-09 02:34 · Score: 5, Insightful

browsers. Where did you got this information? MS bulletin does not state that and I doubt MS would ever make such recommendation no matter how serious the bug was.
Someone got on their case by eksith · 2013-02-09 02:36 · Score: 5, Informative

The fact that IE6 is being patched means someone dropped a NS bomb on them (National Security) which is a sure fire way to motivate companies to keep their software secure. I know it's not the favorite company here, but they fought (sometimes dirty) to get where they are. They made it and have to deal with the "now what?" phase. Software monocultures suck no matter who's culture it is.
What I found really interesting is that bulletins 7-9 and 11 are for escalation of privilege whereas the rest are for remote code execution. Which means, it may not have helped much to be logged in as an unprivileged user anyway.

--
If computers were people, I'd be a misanthrope.
1. Re:Someone got on their case by eksith · 2013-02-09 05:47 · Score: 2
  
  I don't know about confirmation bias, but I've hidden scores so I can focus more on the crux of the message vs. catering to some perceived acceptance. You should try it too so you won't be needlessly aggravated over a number in a database.
  And the IE6 support until 2014 makes my argument still valid I.E. A large percentage still uses it, which makes every vulnerable user potentially drafted into a bot army. And botnets, last I checked, are still considered a threat to NS.
  
  --
  If computers were people, I'd be a misanthrope.
2. Re:Someone got on their case by Ralish · 2013-02-09 07:38 · Score: 4, Informative
  
  The fact that IE6 is being patched means someone dropped a NS bomb on them (National Security)...
  It's being patched because IE6 shipped with Windows XP and MS guarantees they will support the version of IE that was shipped with a given release of Windows for the support lifetime of that Windows release. Windows XP is supported into 2014, so Internet Explorer 6 on Windows XP is as well. This is not a secret.
Excellent summary! by YrWrstNtmr · 2013-02-09 02:37 · Score: 5, Funny

...57 patches for Internet Explorer 6, 7, 8, 9, and even 10 are scheduled.
and
No word on whether IE 10 will be included as part of the 57 updates.

Did you even read what you wrote?
1. Re:Excellent summary! by rjr162 · 2013-02-09 02:45 · Score: 2
  
  Re-read.. part of the updates are patches, including patches for IE 10, BUT its not known if one of the updates is the actual upgrade to IE 10 its self... was that so hard to understand? (I realize it could have been worded it a bit better, but it's still not hard to figure out)
Re:Microsoft is advising users to stick with other by djmurdoch · 2013-02-09 02:40 · Score: 4, Informative

The submitter got it by misreading the ZDnet article. It was the author of that article (Zack Whittaker) who made the recommendation, not MS.
Re:Seriusly? by jones_supa · 2013-02-09 02:43 · Score: 5, Informative

There seems to be a mistake in the summary. The ZDNet article says "With this in mind, users are advised to switch to another browser for the next few days until the updates are released." That seems like ZD's own recommendation, I couldn't find that from the MS security bulletins.
ZDNet = Garbage by Anonymous Coward · 2013-02-09 02:54 · Score: 2, Informative

They are 12 vulnerabilities and 57 patches across all their operating systems. 2 are critical.
Re:Microsoft Dynamics is a POS by s7uar7 · 2013-02-09 03:51 · Score: 2

"Hey tepples, I've just bought an iPhone but can't get iTunes to install on that PC of mine that you fixed. Could you come round and take a look please? I'm also having problems getting Netflix to work; could you take a look at that too, please? "
exciting by hraponssi · 2013-02-09 03:51 · Score: 2

First Oracle releases patches for 50 Java vulnerabilities, now Microsoft does better with 57 for IE. Who will be the first to go over 60 in the competition?
In any case, it seems we are doomed as far as security on the Internet goes. Kinda depressing.
1. Re:exciting by jones_supa · 2013-02-09 04:21 · Score: 2
  
  Who knows, maybe they are just paying attention to security and actually fixing their shit.
Re:Internet Explorer 6? by Osgeld · 2013-02-09 04:54 · Score: 2

so it still performs just as well as when it was released?
Re:Such a user can re-buy Windows by tepples · 2013-02-09 06:50 · Score: 2

Have you ever actually performed a larger update of Ubuntu?
You mean like 9.10 to 10.04 to 10.10 to 11.04 to 11.10 to 12.04 on my laptop, or 8.04 to 10.04 on my web development workstation at work? Those went fairly smoothly, with a few (solvable) hardware-related issues that were not much bigger than the typical issues after a major Service Pack on Windows.
Editorial standards are for lamers by Ralish · 2013-02-09 07:28 · Score: 4, Informative

At least, I assume that is the prevailing attitude on Slashdot these days? Let's see:
IE Patch to Fix 57 Vulnerabilities
No, as per the linked Security Bulletin Advance Notification a total of 57 vulnerabilities are being fixed across Windows, Internet Explorer, Office & the .NET Framework. There are not 57 vulnerabilities exclusively in Internet Explorer as the title suggests. We can likely further expect certain vulnerabilities to only be applicable to certain versions of Internet Explorer once the full details are available.
Microsoft is advising users to stick with other browsers until Tuesday
Source?
...when 57 patches for Internet Explorer 6, 7, 8, 9, and even 10 are scheduled.
No, as noted above, the vulnerabilities are across a variety of products. Further, 13 "patches" (aka. updates or bulletins if you prefer) are being released as multiple vulnerabilities are often patched in a single update. As per the linked bulletin, there are two bulletin's being released for Internet Explorer, which would typically result in two updates for Internet Explorer for a given Windows installation. Of course, there'll be many different updates released for different versions of IE and architectures (ie. 32-bit/64-bit/etc...) but a given Windows installation shouldn't have more than two applicable to it.
No word on whether IE 10 will be included as part of the 57 updates.
Apart from the explicit reference to Internet Explorer 10 being affected by at least some of these vulnerabilities in the linked MS Advance Notification? Have you tried reading the very articles you post? I'm reliably informed it helps comprehension.
Are the editors trying to set a new record for inaccuracies within a small paragraph of text?