Emergency IE patch goes live as exploits proliferate
Microsoft released an emergency security update for all versions of Internet Explorer on Thursday as attacks exploiting a critical vulnerability in the widely used browser spread to hundreds of websites. The patch fixing the IE vulnerability used to penetrate the defenses of Google and other large companies came as anti-virus …
"To use this site, you must be running Microsoft Internet Explorer 5 or later. "
oh well. Knew my iPhone was safe :P
should read The Reg a bit more carefully sonny.......
Now what browser does the civil service use?
The British govt's IT security is wide open.
..along with their mouth, their arse but not their eyes or ears.
I know IE is a piece of utter garbage but many companies have internal apps that need it.
Just make sure the proxy on IE is set to a proxy that wont let it out into the real world.
And if the management need facebook get them a proper non IE browser and point it at a different proxy.
Why the fucking fuck does an update to a browser require a system restart? One single update to an application, and the whole system needs to be rebooted! Please tell me that in Windows 7 this is achieved without a reboot.
Not only does Windows 7 require a reboot, but it kindly does it on your behalf. Mine helpfully rebooted shortly after 3am this morning - still trying to unpick how far through a batch of video encodes it got.
Wouldn't be so bad if I didn't have a bootable linux USB plugged in at the time. So wasn't even Windows that restarted but Ubuntu. Maybe I should leave it that way...
You can change how updates are applied to your windows installation dont you, I mean this stuff has only been around for a few years now.
You can tell Windows to do everything automatically (the default so all the plebs dont miss out) or you can tell it to do it when you tell it to do it or never or a mixture of all 3 if you like.
http://windows.microsoft.com/en-GB/windows-vista/Understanding-Windows-automatic-updating
http://windows.microsoft.com/en-GB/windows-vista/Change-how-Windows-installs-or-notifies-you-about-updates
that on a semi-regular basis the updates that Automatic Updates applies will reset the settings of the system resulting in the "default" automatic download, install and reboot setting magically reappearing? I mean, this has only been happening for a few years now.
I've been using Windows update since it came out and I have never seen my settings changed (they aren't on default) I have also never heard of anyone else who has had their settings change. Are you sure about your statement?
We've had it happen on our machines, when it was set to download only but went ahead and rebooted.
See also here, especially the comments:
http://www.emailbattles.com/2006/02/08/vuln_aacfhddccc_de/
And here, noting the acknowledgement by Microsoft of reports from their users:
http://arstechnica.com/microsoft/news/2007/10/bug-in-automatic-updates-forces-install-reboot-for-windows-users.ars
So yes, I'm sure thanks.
Fair enough, I just tend to be a bit suspicious about claims where I've never seen or heard of the problem. I stand corrected.
Last night i went to the security section & clicked the "For IT professionals" link to be greeted by a bulletin dated November 2009.
Nice that MS are up with the hunt on this one.
I just hacked into someone elses computer using the IE vuln and was able to post this comment...
That'll be why Windows had rebooted this morning. "Windows restarted after successfully applying a patch"
Windows 7 - I thought we were done with this sh1t Microsoft!
I bet that dates generated automatically too!
I am running IE8 on Windows 7 in Protected Mode. So I never had any worries of getting infected. But it's good to see MS releasing a patch so quickly.
Quickly ?!? They *sat on it doing nothing* for *3* months, and would have carried on doing *nothing* if no one had caught them out. Compare to what goes on in the FOSS world, for instance, where things are fixed in days.
To use this site, you must be running Microsoft Internet Explorer 5 or later.
Normally using Firefox but need IE6 due to emailing & faxing software.
Also it wants to update my updater (no way am I installing WGA spyware) - I just want to download the IE6 fixes. Searched around - nothing.
What a useless bunch.
Yes, YOU are a useless "bunch", MJI. "no way am I installing WGA spyware" *snore* is that because you're running a dodgy copy of Windows? No? So why are you so bothered by it? You can put your tin foil hat down now, get into the real world, stop being stupid and download whatever updates Windows Update needs.
Idiot.
Too many false positives - some of the other computers in our office run it and the users have had to contact MS to be able to use their OWN PC.
I would rather not have the bother.
It is to do a job, not keep calling MS.
My PC so I'll use it for what I want to do - WRITING CODE!
Sign up, sign up for The Register's weekly IT security newsletter - click here
