It's all in the name

IE = Internet Exploitability

Of course M$ knew, at the time it was considered a feature. A flaw by design if you will.

But be fair to Apple, no one is using Java on Macs COCOA & Obj-C make Java a heap of pooh. No one, well except the likes of IE users on M$ ... every village has got its idiots.

trust me...

"If you use any flavor of Windows XP or Windows Server 2003, you should immediately hit this link and click on the Fix it icon to enable a workaround"

Brilliant. trust us, just click here and all your problems will be solved. Isn't that how half of the problems start in windows?

Conspiracy theorists unite

Fantastic - but isn't FBI in need of such bugs for installing CIPAV? And doesn't it have a power to issue gagging order against publishing the patch?

What do you expect from McdonaldSoft?

This is why I cannot trust my computers security to the Mcdonalds of the Software world,

Sure kids love them, they just have no idea about the hidden dangers of using their products ....

When the company can do more that flip CD's and say 'Have a nice day' I may be interested.

I bet Google would not allow such a serious long term vulnerability in their ChromeOS.....

Simply hilarious statement...

At the same time, Microsoft engineers "had to make sure that we didn't unintentionally kill something that did have a known use."

Which implies that there are 48 things in your PC that are there but nobody knows what they are used for? I'm sure that my Ubuntu box would be considered "bloated" if it included 48 things that nobody uses.

Sorry, I know that this is done in the sacred name of that backward compatibility thing. And yes, I know that probably some obscure intranet page in a corporation has been running untouched for the last 8 years. Of course, it works in IE6 only. And could break because of this fix. But sometimes you need to act for the benefit of the majority and ignore the possibility of being sued or creating a minor inconvenient in your corporate customers.

Reading the Binary Riot Act

And that article tells us that the problem is still not fixed and may even be unfixable, rendering the PC a Remote RobotIQ Host and the installed Operating System, the Undisclosed Covert Programs' Driver.

Or would that be likely Impossible/highly Improbable?

Reading all the waffle and prevarication excusing the inaction and hiding the System's inability to address the situation without having to replace the entire Operating System with a completely New and Different One was educational though. Thanks, Dan.

There are some who would say that to have correctly recognised the problem would allow one to provide a defensive solution to any future attack, and to provide a solution which would negate the need for Microsoft to rewrite their Operating System/Browser Unit, would be Worth a Large Fortune, which would be better MS Paid for Inhouse Defence, meThinks, than MS Lost to Proxy Attack, for at least then would it be an Added Extra Internal Investment rather than Crippling Catastrophic Increasing Liability.

However, the Stupidity of Man knows no Bounds, and Microsoft have a History of Monumental Arrogant Blunders/Odd Questionable and Oft Questioned Practices, so one can expect the strangest of things, to be able to happen. :-) ... but only one of them will be made of the Right Stuff.

[Bill will probably need to put his halo on for that decision]

'Tis true

I've had to fix bugs that should be one-line changes but end up being awfully hacky so that existing programs that use that library don't stop working.

C'est la vie

May I be the first...

not to welcome any sort of overlord, but say the first one to post "my OS is better than your OS" smells of wee.

Where are the other 4

49 CLSIDs??? Microsoft list only 45 on their workaround list - http://www.microsoft.com/technet/security/advisory/972890.mspx

@Daniel1

Theyre saying *chi ching* as they take the sacks of money to the bank that this has resulted in...

LOL Just had this discussion with a colleague - WIN

On buying a new laptop I came to the conclusion that I could not use a windows OS outside a VM. Ubuntu for security and ease of use and XP or Win7 in a vm if needed...

I had been considering a dual boot but borked at the thought of having to use and trust a MS OS bare to the internet.

My disscussion over the comparative benefits of Linux security was:

MS-Windows-IE:

Any file can be executed.

Cant trust MS to fix vulnerabilities - It could take a month!

Against MS's own interests to even admit to vulnerabilities.

No independent code review. (So you don't even know the total number of vulnerabilities).

Ubuntu-FF:

File Execute permission off by default.

Lots of ppl looking for vulnerabilities and huge pressure to fix them ASAP.

Not the target of most exploit code.

FF no ActiveX

Bottom line is trust and openness. But if anything it looks like I gave MS too much credit - A WHOLE YEAR!

WTF.

@Conspiracy theorists unite

Why would they go for MS-only IE exploit when you have Adobe flash to exploit on the majority of PCs (Windows, Linux and Mac)?

Damn, the are coming for me again...

No spare resource

As all the coders were busy sorting out the mess called vista and turning it into windows 7 is a more likely explanation.

FFS a whole year to patch, MS you are taking the piss and cannot be trusted to manage the source code.

Hold on a second

"mostly operated by legitimate organizations based in China. "

WTF??!! There are legitimate organizations in China??

Surely it aint so. I thought all Chinese organizations were government run and operated with turning out the cheapest product for the masses as the bottom line? Lets not forget the espionage angle as well. And the hacking. And the farming. And the oppressing of their own citizens.

ActiveX. Again.

I seem to remember that when M$ proposed the ActiveX "architecture", every unbought security expert threw up their hands in horror, screaming "DON'T DO THAT".

But M$ did do that, proclaiming (as always) that it was "what their customers were demanding", and that the benefits outwieghed the risks.

Permanent vulnerability was what their customers were demanding, clearly.

Well, it is Sastan's Spawn, isn't it ??

Surely you jest?

This reminds me of an aquaintance of mine; who AFTER getting nabbed for driving around in a stolen car for several days - he told the police that he wanted to report that his car had been stolen.

The copper said, "Surely you jest"......

Microsoft's wizard patches and "strong security" settings and all..... Microsoft is like having a 1000lb gorilla at the front door, while all the sneak thieves come in via the back door and the side windows and cellar, and they stick a gun up it's arse and pull the trigger..

It's security dept is run by 8th grade drop outs..... and the tech support is run by "off shore call centers".

After years of using really shonky microsoft OS's and software, and now having personally experienced just how EASY it it to have a system totally walked over by malware, I now REFUSE to have XP as an operating system on ANY net connected PC.

Internet Exploiter

Internet Exploiter, Internet Exploder.... Oh wait no it's crappy Explorer, lets have a moment to reflect on how many explorers went into the Jungle only to be eaten by the natives.

It's still not fixed

Making a Fixit available is no bleedin' use! Outside of carefully managed coporate environments, what proportion of the XP user base do you think will have heard of this problem and what proportion of *that* do you think will have taken the trouble to seek out and manually apply the fix?

If this is safe enough to release as a Fixit, it is safe enough to release on Windows Update, where it will be applied to a far wider user base and might actually do some good.

re: Hold on a second

you forgot the melemine laced milk and lead based paint used on toys

LOL