back to article MS to issue emergency patch for potent IE vuln

Microsoft will release an emergency update that patches the Internet Explorer vulnerability used to breach the security defenses of Google and other large companies. The software maker has said that real-world attacks against the browser continue to be "very limited" and that they're effective only against version 6, which was …

COMMENTS

This topic is closed for new posts.
  1. Bob Gateaux
    Thumb Up

    Fine newses

    Here we see why I so often am telling not to use the Firfox. With IE I know I will see this mend as soon as we know of the hole and here we see it as I predict.

    With Firfox we would be always reading about further delays to the latest version and he leave us open to the abuses for various extra months.

    1. John Angelico
      Joke

      you're not listening...

      [Moriarty] You're not listening Grytpyppe!

      [Thynne] Hmm? Oh, er, I was just reading this advertisement on the back page of my suit. "Wanted: One Genuine Charlie for software development. Apply Microsoft."

    2. Anonymous Coward
      Anonymous Coward

      One wonders

      if you're the sort of guy who can get Cake?

      Or you watched 'The Wild Party' and called out "Where's the bolleau!"

    3. Bob Gateaux
      Happy

      Make me laughs

      Bob laugh how so many fanfox vote him down but not make resonable arguement as why they do it.

  2. Neal 5

    Good

    Reasonable, balanced and fair, and makes some points well worth taking notice of.

  3. Anonymous Coward
    Alert

    IE6, IE7, IE8 and FF

    We've seen a real rise in infections the last few days - Ive personally "fixed" about 7-8 machines with similar infections (using a combo of Malware Bytes, Hijack This, AVG, Defender and Spybot - not one seems to get them all). Targeted machines have been using IE6, IE7, IE8 and one just using FireFox... Its getting nasty out there. The only commonality between these systems is that they are all running Windows XP SP3.

    So far, we've not seen a Windows 7 system hit but I'm sure thats coming soon.

    AC because of, well... work.

    1. AndrueC Silver badge
      WTF?

      Too true

      I operate a white list email system and I've noticed that over the last year more and more addresses are having to be blacklisted. Either companies are feeling the recession pinch and selling their address books or else trojans/viruses are getting past people's defenses. I even started getting spam at the address I used to register Avast so even so called security experts are not immune.

  4. Chad H.

    So....

    Will MS be withdrawin the "Upgrade to 7 or get hacked" advice?

  5. Ammaross Danan
    FAIL

    @AC

    I must also echo the lament of having to use multiple Anti-whatever softwares to attack these problems (however each has merit in its own use). With IE8 at least, I've seen a marked decrease in the "auto-executing"-type malware and it seems to come down to a process of:

    "Your computer have a Virus!!! Click here too remove!!" (misspell intentional btw) -> User click "OK" -> downloading.... -> Run / Save / Cancel -> Click: Run -> Windows: "Are you sure you want to run this executible?" -> Click: Yes, I'm sure (are they ever? REALLY??) -> BOOM! Virus.

    Really, now it is just coming down to end-user computer dummy-mode (read BOFH for that wonderful episode) where they are just clicking "yes" to everything. So, end-user fail (hence the icon).

    1. Anonymous Coward
      Anonymous Coward

      KVM

      Mostly because of the above example of active user cooperation in getting machines infected, I have virtualised the Windows machines in the office.

      They now run the Windows boxen under KVM in snapshot mode, so users can only do so much damage by their compulsive habit of installing malware. As soon as they log out, the machines revert to a known-good state. The data is kept in a separate SMB server which amongst other measures, removes everything from it except for a pre-approved list of MIME types at 10-minute intervals.

      And as a side effect of virtualisation, now the Windows sessions run on multiseat machines at about 25% the power and 35% the cost of the old setup. Not to mention that by snapshooting I have eliminated 99% of non-malware related maintenance :)

      1. Anonymous Coward
        Thumb Up

        Which only leaves one question:

        what the hell do you do all day?

      2. Anonymous Coward
        Anonymous Coward

        @KVM AC

        Or, you could have just setup your users' access levels and permissions to the local machine correctly.

        1. Anonymous Coward
          Anonymous Coward

          User Privileges

          a) They have that too, of course. Both at the virtual and physical levels.

          b) However that still leaves you open to privilege escalation attacks, which don't impress me. On the other hand an exploit which knows it's running inside a VM snapshot and knows how to break out of it would have my unabated respect.

          c) I could not do the multiseat stuff without the VMs (efficiently)

          d) If any physical machine croaks it, promoting a standby one is a matter of hauling it in, and waiting however long it takes to copy a few Gb of VM image, with a maximum loss of 20 minutes worth of work (which given the punters productivity rates...)

  6. Anonymous Coward
    FAIL

    No confidence in Google?

    "The previously unknown IE vulnerability was used to compromise PCs used by Google"

    So Google are using i.e. and not Chrome?

    Clearly they think their own product is shit and prefer to use someone elses.

  7. Anonymous Coward
    Pirate

    Hmmm...

    I have in the past worked in some of these areas specifically research of vulns.

    Rest assured China and other parties have a bank of zero day exploits. They will only choose another withdrawal from the list when they are good and ready with their new malware or bot net configuration...

    and cycle begins again.

  8. Henry Wertz 1 Gold badge

    reasonable argument

    "Bob laugh how so many fanfox vote him down but not make resonable arguement as why they do it."

    Fine, I will...

    1) With IE, Microsoft only releases patches on "patch Tuesday" unless they decide it's REALLY high profile, directly contradicting your statement that with IE they mend holes as soon as they are found. They sit on fixes to bundle them on patch Tuesday, and in some cases they've made an excellent case for public disclosure, knowing about holes for months or more but not patching them until they are publicly disclosed or there's exploits in the wild.

    2) The NEW version of firefox is being delayed, but the current one is updated rapidly.. Version 3.6 keeps getting delayed, but I'm running 3.5.7, they find a security hole, a new 3.5.x comes out within like a day or two.

  9. Anonymous Coward
    Anonymous Coward

    I've discovered the best patch

    I've discovered the best patch, - it's to wipe the drive and install another OS, there are many options: Leopard, GNU/Linux (many flavors), Haiku, Reactos, NetBSD,.... there's plenty of pretty headache-free options out there. Are any bulletproof? No, but compared to windows which is like riding out a tornado in a balsa wood house, these at least have some concrete and re-bar in them.

This topic is closed for new posts.