Microsoft urges users to upgrade IE6 and WinXP

[Hades]

Source: Ars Technica - http://arstechnica.com/microsoft/new...m_campaign=rss

Quote:

Microsoft is using a widely publicized flaw in Internet Explorer as a way to push users to upgrade both their browsers and operating systems.

On its Security Research & Defense blog, Microsoft explains that while IE7 and IE8 on Windows Vista and Windows 7 both include the flawed code that was exploited in the recent Chinese attacks on Google, the publicly published exploit code only works against IE6 on Windows 2000 and Windows XP. So the company is urging users to think about upgrading their version of IE, or even their OS (which also results in a newer version of IE).

"As you can see, the client configuration currently at risk is Windows XP running IE6," the blog post reads. "We recommend users of IE6 on Windows XP upgrade to a new version of Internet Explorer and/or enable DEP. Users of other platforms are at reduced risk. We also recommend users of Windows XP upgrade to newer versions of Windows."

Update: French and German governments issued IE security warnings: http://news.bbc.co.uk/2/hi/technology/8465038.stm

[socks]

MS should get ready for the complaints to come from businesses whose Intranet applications use "features" of IE6 and Sysadmins who insist on not updating because it would mean extra work for them.

Yeah.

[Buzzlord]

Finally!

Selfishly... hopefully this means we can stop coding our web sites for IE6 in the near future...

[Buzzlord]

Quote:

Originally Posted by socks

MS should get ready for the complaints to come from businesses whose Intranet applications use "features" of IE6 and Sysadmins who insist on not updating because it would mean extra work for them.

Yeah.

Haha, that is sure to happen.

Companies will also complain that their custom software doesn't work in an updated OS/browser.

How could they possibly have foreseen that technology would change?

[Hades]

My goal when starting this thread wasn't exactly bashing IE6, but to point out that members should be careful regarding to their security when using Microsoft products.

The problem is not only IE6, recently all the Microsoft browsers have been known for having serious security flaws. Even the German and French governments are encouraging their people to find alternatives to IE due to vulnerabilities. Check out the news from BBC: http://news.bbc.co.uk/2/hi/technology/8465038.stm

[alter-ego]

Fortunately I'm not too keen on IE anyway so hopefully I don't have to worry too much.

The one question I do have though is this, by "upgrading my version of IE or OS" this refers to just using the latest available version of XP with the latest security upgrades, yes?

[Hades]

I'm afraid they are recommending to upgrade to Windows Vista or 7, which have much improved security than XP even on sp3.

Some of the security measures used in Vista and 7 such as User Account Control (UAC), Kernel Patch Protection, Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR) are not possible to implement in XP through service packs due to their complexity and the fact that they would require core changes on XP.

If you are still on XP they recommend activating DEP which comes in SP2.

[socks]

What I was trying to convey was that MS is going to have a hard time getting users (especially business users) to upgrade, due to short sighted application developers. I never meant for my post to be a bashing thread.

[JennyRipley]

I think MS want their clients to update as the new version has resolved some issues of original one.

[alter-ego]

Quote:

Originally Posted by Hades

I'm afraid they are recommending to upgrade to Windows Vista or 7, which have much improved security than XP even on sp3.

Some of the security measures used in Vista and 7 such as User Account Control (UAC), Kernel Patch Protection, Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR) are not possible to implement in XP through service packs due to their complexity and the fact that they would require core changes on XP.

If you are still on XP they recommend activating DEP which comes in SP2.

I'll just turn on DEP for everything and deal with the program specific error messages as they occur. I'm just hoping this doesn't conflict with video drivers and stuff like that or this is going to be a real PITA.

Fine job MS

[DocC]

On a couple of forums, people are claiming that this is an effort by MS to mitigate the effects of France and Germany dissin' IE. Odd that nobody seemed to think that France and Germany might have made their announcements because of these vulnerabilities. People are always quick to suspect the worst.

I'm running XP-Pro, DEP enabled, and only use IE6 to briefly check display of new/modified pages. I'm using FF on line, and I'm thinking of changing to Opera.

[deepsand]

Quote:

Originally Posted by alter-ego

I'll just turn on DEP for everything and deal with the program specific error messages as they occur.

Hm-mm.

As I recall, the cited flaw allowed for DEP to be defeated.

[alter-ego]

Regardless, its MS's recommendation so it's better to do it than to not not that I really use IE anyway for anything other than viewing how my sites render after code changes.

[an0n]

To me it's funny how many people hate on Microsoft. Duh!

[HTMLBasicTutor]

Quote:

As of this writing, Microsoft is scheduled to release on Jan. 21 an update that fixes the Internet Explorer vulnerability behind the recent, highly publicized cyberattacks on Google and other major corporations.

Continued: Patch arrives for IE hole targeted by Chinese

[deepsand]

Details re. both the scope of the problem, the patch. etal., can be found at

http://windowssecrets.com/2010/01/21...ted-by-Chinese

[HTMLBasicTutor]

Quote:

Originally Posted by deepsand

Details re. both the scope of the problem, the patch. etal., can be found at

http://windowssecrets.com/2010/01/21...ted-by-Chinese

If you read the post above yours you would have seen this article was already referred to.

[deepsand]

Well, that's what happens when the e-mail alerts re. new posts to subscribed to threads fail to arrive.

The same thing happens at WPW, which coincidentally, uses the same forum platform as here.

BTW, other than the members at what was once Woody Lounge, you're the first that I've run into that reads Windows Secrets. Do you recall Brian Livingston when he was writing for PC/Computing, PC World, Windows Sources, and Windows Magazine?

[HTMLBasicTutor]

Quote:

Originally Posted by deepsand

Well, that's what happens when the e-mail alerts re. new posts to subscribed to threads fail to arrive.
...
BTW, other than the members at what was once Woody Lounge, you're the first that I've run into that reads Windows Secrets. Do you recall Brian Livingston when he was writing for PC/Computing, PC World, Windows Sources, and Windows Magazine?

I have no problems receiving email notices for subscribed threads, check your settings.

I was subscribed to Gizmo's Support Alert before they merged with Windows Secrets in July 2008.

[deepsand]

Quote:

Originally Posted by htmlbasictutor

I have no problems receiving email notices for subscribed threads, check your settings.

For both boards, it's an intermittent problem; which are, of course, the most difficult to diagnose.

As for Gizmo's, I'd not heard of it until said merger.

Been working with computers since 58/59, and I'm still amazed by the no. of resources that I stumble upon that have been around for years without my knowing of them. Well, at least I don't have to worry about running out of stuff to read!