Author Topic: New Patch for Serious IE Flaw  (Read 1964 times)

worker201

  • Global Moderator
  • Member
  • ***
  • Posts: 2,810
  • Kudos: 703
    • http://www.triple-bypass.net
New Patch for Serious IE Flaw
« on: 18 December 2008, 01:44 »
http://www.microsoft.com/technet/security/bulletin/MS08-078.mspx

They barely ever come out and say exactly what the flaw is or what it does, but this one seems to be pretty serious.  It's a "publicly disclosed" vulnerability, which probably means it was first publicized on Slashdot or something, and it affects all versions of IE back to 5.  Basically, if you're running Windows 2000 or later, you're affected.

In the FAQ section of the above document, they anticipate questions about older versions of IE.  The response: "It should be a priority for customers who have older releases of the software to migrate to supported releases".  Meaning "If you're using IE4, you're shit out of luck".  Which is to be expected - I would laugh hysterically at anyone using IE4, even back when it was the current version.

davidnix71

  • Member
  • **
  • Posts: 760
  • Kudos: 501
Re: New Patch for Serious IE Flaw
« Reply #1 on: 18 December 2008, 04:54 »
It's a very old flaw. It's a buffer overflow exploit that allows the attacker to upload and run code on the affected machine.
Only later Windows running IE with limited privileges are "relatively safe."

The flaw is the one I mentioned in another post about Homer Simpson and the zombie network. It is being widely used now to steal passwords and such, so MS was pressured to fix it immediately.

Simons-Photography

  • Newbie
  • *
  • Posts: 1
  • Kudos: 0
    • The Rotaract Club of Rushden
Re: New Patch for Serious IE Flaw
« Reply #2 on: 21 December 2008, 19:29 »
yet its firefox that gets to be tops in the list of unsecure software, typical, anyone running IE is a nut, the only thing I use it for is for BBC's iplayer because it dosen't seem to run on firefox and not even IE-64, I've already given them a peice og my mind and got the expected no reply
www.RushdenRotaract.org.uk - Make a difference having fun together

www.simons-photography.com

Lead Head

  • Global Moderator
  • Member
  • ***
  • Posts: 1,508
  • Kudos: 534
Re: New Patch for Serious IE Flaw
« Reply #3 on: 22 December 2008, 02:21 »
Welcome. I wouldn't say firefox makes t he top of every unsecure list, but many websites count firefox's vulnerabilities multiple times because it is multi-platform.
sig.

SiMuLaCrUm

  • Member
  • **
  • Posts: 817
  • Kudos: 143
  • OMGWTFBBQ
Re: New Patch for Serious IE Flaw
« Reply #4 on: 22 December 2008, 16:27 »
It only figures M$ would take this long to fix something...
Proudly posted on a computer

_ZeroBeta

  • Newbie
  • *
  • Posts: 17
  • Kudos: 1
Re: New Patch for Serious IE Flaw
« Reply #5 on: 16 April 2009, 20:19 »
All the way back to Internet Explorer 5? That surprises me, even for Microsoft, and considering it was reported that this problem only affected versions 7 and 8. I'm thinking that this flaw is also why the browser often stops responding when it is used for long enough?
A computer user. Now with 20% less idiocy.