Recent Internet Explorer Flaw a Year Old

The past few days a newly discovered flaw in the Internet Explorer web browser has been making its rounds across the internet. The flaw allows people with malicious intent to install viruses or malware onto affected computers running Windows XP or Server 2003 (2000, Vista, and Server 2008 are not affected). Even though it was assumed this flaw was new, Microsoft was actually alerted of this issue a year ago.

The flaw was reported to Microsoft in 2008, and ever since, Microsoft has been working to get a fix out. At least, that’s what the security researcher who actually discovered the flaw said. He explains that the nature of the flaw is one that makes it difficult to fix. “The actual mechanics of the vulnerability aren’t standard and that’s kind of what took Microsoft so long,” he said, “They were definitely working diligently to fix the problem. It was more the nature of the flaw that took so much time.”

Apparently, Microsoft agrees with this viewpoint (surprise). “Not every issue is the same as far as the level of work we need to do to be comprehensive in making sure we fix not just the issue reported to us but any similar issues,” Microsoft’s Mike Reavey, director of the Microsoft Security Response Center, said, “If we release an update that breaks apps it doesn’t protect anybody because they won’t install it.”

A temporary fix is out now, so if you’re running Windows XP or Windows Server 2003, go to this page and click the big fix it button.

5 Comments

  1. 2009-07-09 9:20 pm
    • 2009-07-10 3:06 am
  2. 2009-07-10 11:12 am
    • 2009-07-10 7:26 pm
      • 2009-07-11 1:20 am