Microsoft plans quick fix for IE.

[User Name]

Microsoft is due to issue a patch to fix a security flaw believed to have affected as many as 10,000 websites.
The emergency patch should be available from 1800 GMT on 17 December, Microsoft has said.
The flaw in Microsoft's Internet Explorer browser could allow criminals to take control of people's computers and steal passwords.
Internet Explorer is used by the vast majority of computer users and the flaw could affect all versions of it.
So far the vulnerability has affected only machines running Internet Explorer 7.
"Microsoft teams worldwide have been working around the clock to develop a security update to help protect our customers," the software firm said in a statement.
"Until the update is available, Microsoft strongly encourages customers to follow the Protect Your Computer Guidance at www.microsoft.com/protect, which includes activating the Automatic Update setting in Windows to ensure that they receive the update as soon as it is available," the statement read.
Potential danger
According to Rick Ferguson, a senior security adviser at security firm Trend Micro, the flaw has so far been used to steal gaming passwords but more sensitive data could be at risk until the security update is installed.

"It is inevitable that it will be adapted by criminals. It's just a question of modifying the payload the trojan installs," he said.



IE Sucks


Source

 

[RCuber]

yes ofcourse IE sucks, but there are lot of people who have no other option as they are unaware about the alternatives.

 

[ravi_9793]

IE users, refer here:
*www.microsoft.com/technet/security/Bulletin/MS08-dec.mspx

 

[RCuber]

^^ Thanks for the link Ravi
PS: will get in touch with you once I get free from my tasks

 

[chandru.in]

Any news on when they'll fix or replace their crappy rendering engine for intranet sites?

 

[MetalheadGautham]

My motto: Never be satisfied with defaults till you have seen every nook and corner of every software bundled with the OS. And being a frog in a well is propably the worst thing that can happen IMO.

At first I was apprehensive about Firefox, but a few minutes after installing it and starting to use it, I can still recollect cursing IE6 for its horrible performance a couple of years back. Recently, when I used IE7, I hardly noticed a difference. It actually dials back home to microsoft to enable you to set preferences. What a horrible anti-privacy measure is that ?

 

[Pat]

Its on bbc now
*news.bbc.co.uk/2/hi/technology/7784908.stm

 

[avadhesh]

may be google has done this to promote its chrome

 

[freshseasons]

How quick are the quick fix i wonder.
Bat an eye lid and internet explorer is sure to miss the corner and fall.
I think its about time that Microsoft starts bundling Firefox with Operating System.May as well save us the time of downloading it.
Nah ! I dont think this will ever happen. But only if wishes.....aah

 

[victor_rambo]

What difference does it make? Any person here who has the slightest of experience in web-designing and web-development know how indifferent our average users are.

Many still use IE 5 and expect world from it. Idiotic clients come running to me and tell that my work is defective because it does not work on their 4 yr old IE. I have to waste my valuable time to make these people understand basic things. Then too, these oxymorons want 'second opinion'.

If you give them trojan horse and tell them that it will increase your windows speed, many will be over-joyed and few may even die of massive myocardiac ischaemia.

But why am I telling this? Only to make you realize that no matter how many bugs or holes IE has, its never gonna die.

In India, only the techies are taking this thing seriously. Others are still engaged in their work as usual. How many of your site visitors know that firefox, opera, linux, macintosh even exist?

 

[iMav]

Is it only IE that has holes?

 

[victor_rambo]

Is it only IE that has holes?

I am amazed that you never explored your anatomy. May be you addicted to the internet a bit too much. Now you need reference web-pages for such things too. Too bad.

 

[chandru.in]

Is it only IE that has holes?

The whole Bit9 list is bullshit. It is some new kid in he block trying to gain too much importance by crowing loud non-sense.

"Contains at least one critical vulnerability". What happens when multiple products have same number of vulnerabilities. Now there are other products like VMware with same number of bugs but fall farther in the list.

For JRE, it says solution as "Upgrade to 7.4" what crap is that? Sun is yet to finalize specs for Java 7 where did 7.4 come up from? Should someone really care about a so called security report which can't even get version numbers right?

Point 5 & 6 talk about not being patched and updated centrally by admins. This is a bloody fault of the OS why blame the application for that? For example, Ubuntu gives a perfectly valid way to deploy and update any application centrally by admins. If Windows lacks it, blame the OS. I don't understand why MS SMS & WSUS (whatever they are) cannot manage centrally deployment of FF, Flash, etc if at all they can handle non-MS apps.

Also, even if IE and any other browser have same level of vulnerabilities on Windows, cracking IE can have more serious consequences due to its super tight integration with the OS.

Even apart from security, IE is the crappiest browser in the market. It wastes several hours of web developers' productivity daily.

 

[victor_rambo]

Don't you know iMav?....speak of anything(even if its not Windows ) and he will come up with a bunch of controversial links. Earlier, I used to take all his links seriously. I would religiously read through all the linked pages. Ultimately, my wife give me a ultra-strong dose of much-needed medicine so that I would spend more time with her.

Damn these unmarried mavericks can't empathize with married people like us.

 

[chandru.in]

Don't you know iMav?....speak of anything(even if its not Windows ) and he will come up with a bunch of controversial links.

My reply was more to explain that stupid report. Esp the one related to Java was too funny to resist.

 

[victor_rambo]

Do you know that I don't know even a bit of Java?

 

[chandru.in]

Do you know that I don't know even a bit of Java?

You really don't need to understand Java to find it funny that, a so called security expert says n.4 version is a fix for a vulnerability when the specification for n.0 major release it yet to be finalized by the vendor.

 

[iMav]

I see. So basically every other piece of code that you so called "hacking gurus" & "geniuses" use is not vulnerable at all. AWESOME! I am all ears to what this super-protected un-hackable, no-vulnerability software that you guys use? Please enlighten us so married genius.

@Chandru.in chances are parts of that report might not be completely accurate, but I haven't come across as many links of basking the link as the ones endorsing it. So I would take it as is & continue using FF without wetting my pants over how use-less IE is according someone.

besides Rohan you talk of how many people know about opera & this and that? how many people have been affected by the various other loop-holes that have existed and fixed in the past?

 

[victor_rambo]

besides Rohan you talk of how many people know about opera & this and that? how many people have been affected by the various other loop-holes that have existed and fixed in the past?

It looks like you are either being paid secretly by Microsoft to post all this or you are trying to impress the HR manager of Microsoft to get a job of spokeperson at that company.

Else, any person in his right state of mind will agree to evidence presented by experts in their field.

I dont want to go into the question of who is affected how much by using what software because I beleive my time and energy is to be used more wisely and not in mundane debates and pointless link-collecting.

I have NEVER claimed that any open source or else software is free from bugs.

Its like:
using IE is like getting bashed by 10 guys,
Using FF is like getting bashed by 2 guys.

Now what you choose is upto you........basically, iMav, you love the software vendor, not what the software does and how it does. But I like what the software does and how it does, I have no time to love vendors.

 

[Pat]

Damn these unmarried mavericks can't empathize with married people like us.

[OT] You married ? [/OT]