Linked by Thom Holwerda on Thu 9th Jul 2009 19:33 UTC
Internet Explorer The past few days a newly discovered flaw in the Internet Explorer web browser has been making its rounds across the internet. The flaw allows people with malicious intent to install viruses or malware onto affected computers running Windows XP or Server 2003 (2000, Vista, and Server 2008 are not affected). Even though it was assumed this flaw was new, Microsoft was actually alerted of this issue a year ago.
Order by: Score:
not really anything new
by poundsmack on Thu 9th Jul 2009 21:20 UTC
poundsmack
Member since:
2005-07-13

MS has had many holes they have known about for long long periods of time that are fixed way after (or are at least made public way after). what i am corious about is if this is getting attention now, does that mean someone or somethings has been exploiting it?

Reply Score: 3

RE: not really anything new
by looncraz on Fri 10th Jul 2009 03:06 UTC in reply to "not really anything new"
looncraz Member since:
2005-07-24

From what I've read the exploit has been employed for about a month and has already taken some traction.

Not much more, could Google it... but I'm lazy...

Reply Score: 2

One year? Not too bad!
by 3rdalbum on Fri 10th Jul 2009 11:12 UTC
3rdalbum
Member since:
2008-05-26

If Microsoft was warned of this a year ago, that's not too bad.

Of course, I'm joking; if they were warned a year ago, then the problem should have been fixed 364 days ago. But look at Apple - they were warned of a particular dumb security problem four years before they fixed it. The infamous one; where Applescripts could tell setuid root programs to launch and "run a shell script" as root.

Reply Score: 2

RE: One year? Not too bad!
by bousozoku on Fri 10th Jul 2009 19:26 UTC in reply to "One year? Not too bad!"
bousozoku Member since:
2006-01-23

If Microsoft was warned of this a year ago, that's not too bad.

Of course, I'm joking; if they were warned a year ago, then the problem should have been fixed 364 days ago. But look at Apple - they were warned of a particular dumb security problem four years before they fixed it. The infamous one; where Applescripts could tell setuid root programs to launch and "run a shell script" as root.


Well, Apple didn't integrate Samba fixes for 2 years, right? It's surprising that they've put out security fixes for Safari 4, twice since it was released. That probably means that the iPhone version is hanging out in the open, but there are only a few million users, right?

Well, IE and WinXP make a powerful combination for looters anyway and almost always has. I can't count all the times the t.v. news was talking about identity theft as the user was videotaped using IE. The interesting thing about this one is that Win2000 isn't affected and that Vista isn't affected either.

Reply Score: 2

RE[2]: One year? Not too bad!
by BlueofRainbow on Sat 11th Jul 2009 01:20 UTC in reply to "RE: One year? Not too bad!"
BlueofRainbow Member since:
2009-01-06

Without being overly paranoid, was Microsoft using this "entry point" for its own purposes given that Windows XP has been its dominant business/end-user product for about 6-7 years now?

Reply Score: 1