-
- Neowin Hands-on: Windows Phone 7 review
- Did Google steal the Android logo from an Atar...
- Microsoft start advertising Internet Explorer ...
- New image of Windows Live Phone service appears
- Duke Nukem Forever...coming soon?
- Ping! iTunes goes social, Neowin goes mouse on
- Firefox 4 Beta 5 Lands
- Android now accounts for 25% of North American...
Microsoft investigating new Internet Explorer vulnerability in Windows XP
2010 hasn't seen a particularly good start to the year for Microsoft's flagship browser, Internet Explorer.
Microsoft officials are now warning that a new vulnerability has been discovered in Internet Explorer running on Windows XP. Secunia, a Danish computer security service provider, claims the vulnerability affects Internet Explorer 7 on a fully patched Windows XP SP3 system but that other versions may also be affected. Microsoft officials confirmed the flaw could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box.
Microsoft confirmed the issue involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what Microsoft refers to as “unsafe file types”. The file types are designed to invoke automatic actions during normal use of the files but can also be used by attackers to try and compromise a system. In a company blog posting on Sunday, Microsoft's Senior Security Communications Manager - Jerry Bryant, confirmed the company is still investigating the issue. "We are not aware of any attacks seeking to exploit this issue at this time and in the current state of our investigation, we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue," said Bryant.
Microsoft's Internet Explorer has had a rough start to the year:
January
The year started off badly when a vulnerability was unveiled after Google went public that they were targeted in a sophisticated cyber-attack. The breach, involving Internet Explorer 6, resulted in the theft of intellectual property. Both the French and German governments warned their populations to cease using Internet Explorer due to the un-patched flaw. The flaw was later patched in a rare out of band security update. If that wasn't bad enough a new flat in Internet Explorer was discovered just a day after the out of band patch.
February
If January was a month to remember then February certainly wasn't much better. At the beginning of the month a new vulnerability was discovered, affecting IE 5.01 and IE 6 on Windows 2000, IE 6 on Windows 2000 SP4 and IE6, IE7 and IE8 on Windows XP and Windows 2003. The software giant patched the flaw in a bumper patch Tuesday which contained 13 bulletins - five rated Critical, seven rated Important, and one rated Moderate - addressing 26 vulnerabilities.
Comments (28)
tunafish - 01 March 2010 - 23:04
Another reason to upgrade to either Vista or Windows Seven :)
still1 - 01 March 2010 - 23:07
or use other browsers like Chrome
tunafish - 01 March 2010 - 23:09
or use other browsers like Chrome
Or maybe not, i quite like IE8 and really hate it when people try and force me to change ya know.
opensuse - 01 March 2010 - 23:45
Or maybe not, i quite like IE8 and really hate it when people try and force me to change ya know.
So it's only okay if you tell people what to do, just like in your first post :)
Tekkerson - 01 March 2010 - 23:46
Nobody's putting a gun on your head and forcing you to change. IMO You should take it as a friendly suggestion ^_^. I always try to use the best as far as architectural changes and security in which my opinion is Chrome :). The #1 spot used to be Firefox, which I used religiously. But I don't care about companies or try to be a fanboy, just use what is considered to be the best out there :)
ajua - 02 March 2010 - 05:07
Microsoft should force users to upgrade to IE8 in XP and Vista, seeing the increasingly number of flaws.
ThaCrip - 02 March 2010 - 06:16
i think Chrome is probably more secure than Firefox mostly because it's not as popular.
because if you remember... Firefox seemed pretty secure when it was not as popular, but now that it is quite popular there's more and more security flaws discovered.
at the end of the day though... i still think Firefox is all around the best browser. because it seems with Chrome you basically get a quicker browser at the expense of RAM. but i guess on any PC with 2GB or more, the extra RAM use won't be a real issue.
but i think Firefox typically excels in the extensions dept. this is probably where it's beating pretty much all other browsers.
Edit (ThaCrip, 02 March 2010 - 06:17):rawr_boy81 - 02 March 2010 - 09:06
or use other browsers like Chrome
If you're still using Windows XP these days then quite frankly you should be tied to a pole and beaten without mercy. There is absolutely no reason these days to be running Windows XP.
gumol - 02 March 2010 - 20:04
You can't afford to upgrade. That's a reason to be using XP.
Frylock86 - 01 March 2010 - 23:19
More reasons to get off XP already!
Raa - 02 March 2010 - 00:06
Or just upgrade to IE8.
TRC - 02 March 2010 - 00:11
This. It's an IE7 flaw, not an XP flaw. Why are people even using that POS browser anymore?
Edit (TRC, 02 March 2010 - 00:13):Ci7 - 02 March 2010 - 07:39
This. It's an IE7 flaw, not an XP flaw. Why are people even using that POS browser anymore?
if read the article
IE6 through 8 are all affected in xp
+Chrono951 - 01 March 2010 - 23:20
I understand the idea of backward compatibility and familiairity, but this is the risk you take when you run an almost 9-year-old OS.
KavazovAngel - 01 March 2010 - 23:59
Upgrade to Vista / 7, please. :)
ZekeComa - 02 March 2010 - 00:08
Or just stop using Internet Exploiter ;)
Raa - 02 March 2010 - 03:02
You lose credibility when you say things like that. Are you a M$ fan too?
Just upgrade to IE8 if you need/want/like IE. End of story! :)
Jose_49 - 02 March 2010 - 00:22
There's no reason for upgrading, just change browsers, firefox is very good, and very user adaptable and friendly; opera too. Windows XP is very stable, fast and reliable, why change if there's not need to?
For me, what I'm suggesting is, that if you have a computer which runs great at Windows XP, and has some years old now, wait until you get a new PC. Else, upgrade if had Vista, or really like Windows 7.
Remember, not every country, person, state, city, province... has enough resources to keep expending on a new machine or OS. You may say that the price is very accessible, but not everyone can expend that much.
Or there may be other reasons, such as the wait for the next SP for Win7.
Edit (Jose_49, 02 March 2010 - 00:22):ZekeComa - 02 March 2010 - 00:39
For me, what I'm suggesting is, that if you have a computer which runs great at Windows XP, and has some years old now, wait until you get a new PC. Else, upgrade if had Vista, or really like Windows 7.
Remember, not every country, person, state, city, province... has enough resources to keep expending on a new machine or OS. You may say that the price is very accessible, but not everyone can expend that much.
Or there may be other reasons, such as the wait for the next SP for Win7.
Change because the goddamn thing is almost a freaking decade old. Why don't you go use Windows 98 SE? It's stabled? No you wouldn't be it's old. Oh let's lug it around for another 10 more years >.>
Then tell Microsoft to stop forcing people to build all these new machines every damn time a new release is made.
speedstr3789 - 02 March 2010 - 01:38
Change because the goddamn thing is almost a freaking decade old. Why don't you go use Windows 98 SE? It's stabled? No you wouldn't be it's old. Oh let's lug it around for another 10 more years >.>
Then tell Microsoft to stop forcing people to build all these new machines every damn time a new release is made.