Microsoft plasters IE8 hole abused in nuke lab PC meltdown

Microsoft has issued a temporary fix for a high-profile Internet Explorer 8 vulnerability. This is the bug linked to recent targeted attacks against web pages accessed by nuclear weapons research teams at the US Department of Labor website. The Fix It, released late on Wednesday, is designed to offer a temporary block against …

COMMENTS

This topic is closed for new posts.
  1. Shagbag
    FAIL

    I'm tired of this typical MSFT marketing crap.

    From the voice of the monopolist: "Customers should apply the Fix It or follow the workarounds listed in the advisory to help protect against the known attacks while we continue working on a security update"

    ...or use a different browser.

    1. Anonymous Coward

      Re: I'm tired of this typical MSFT marketing crap.

      "...or use a different browser."

      A different browser like Chrome and Firefox?

      Maybe you need to read the Secunia 2012 Vulnerability Review. Out of the 50 most used programs (including Windows), Google Chrome and Mozilla Firefox were in first and second place for programs with the most vulnerabilities. And most of these vulnerabilities were rated by Secunia as either 'Highly critical' (78.8%) or 'Extremely critical' (5.3%).

      http://secunia.com/vulnerability-review/vulnerability_update_top50.html

      1. Anonymous Coward

        Re: AC, 12:31

        Shhhh, the freetards are venting! The last thing they need is facts!!

        1. Wzrd1 Silver badge

          Re: AC, 12:31

          "Shhhh, the freetards are venting! The last thing they need is facts!!"

          ROFLMAO!

          I've long said, the world is lousy with sinners and sparse on saints.

          Such as run <platform not Windows> and browser, ignoring the living hell out of browsers are lousy overall for security overall and loaded with security bugs...

          Run <platform not Windows> anyway. It fixes the bugs of something outside of its damned platform by magic!

      2. Shagbag
        FAIL

        AstroTurfing Alert

        Is 'AC' a pseudonym for Microsoft Employee of the Month?

        That report is old. I also noticed the results from CanSecWest 2 months ago - another MSFT FAIL!

        1. Anonymous Coward

          Re: AstroTurfing Alert

          "Is 'AC' a pseudonym for Microsoft Employee of the Month?

          That report is old. I also noticed the results from CanSecWest 2 months ago - another MSFT FAIL!"

          Hmm. Accuses ACs of being shills. Ends posts with "FAIL!" Why not just call yourself Lamb Chop and see whether anyone gets it?

        2. Wzrd1 Silver badge

          Re: AstroTurfing Alert

          So, the OS fixes all BROWSER fails?

          No, it doesn't. It merely shifts the target slightly.

          The most prevalent platform gets the tonnage of hits.

          Indeed, I recall a recent attack that was incredibly well documented, which is ignored by the non-M$ platform community of vagrants.

          Want a hint? Apply for a job and tell me that Linux or *BSD is the cure, you'll go without employment, as would a M$ platform evangelist. I look for a bit of common sense and *real* knowledge before someone gets a position.

      3. Destroy All Monsters Silver badge
        Devil

        HERP DERP I have muh statistics!

        > Google Chrome and Mozilla Firefox were in first and second place for programs with the most vulnerabilities

        Dontcha mean the most disclosed or discovered vulnerabilities?

        Why anyone still goes near a browser from MiSFiT is a mystery. Maybe because it comes with free Silverlight?

        1. Wzrd1 Silver badge

          Re: HERP DERP I have muh statistics!

          "Why anyone still goes near a browser from MiSFiT is a mystery. Maybe because it comes with free Silverlight?"

          Or, it comes with the most used OS on the planet, like it or not.

          Had someone fired for using a server to read his webmail once, after I walked in on him doing so.

          OK, he wasn't fired, he was transferred to someplace unpleasant called Iraq.

    2. Tom 13

      Re: I'm tired of this typical MSFT marketing crap.

      If you don't know the root cause of the exploit, it might not be sufficient to be using a different browser so long as IE8 is installed. This is the huge technical mistake MS made in their legal anti-trust fuster cluck all those years ago: the IE components are still part of the OS and therefore accessible to other apps even if you aren't actively using them. I'm assuming the other versions aren't vulnerable because they've replaced the vulnerable files as opposed to some other improvement (like sandboxing) in the browser itself.

  2. John Sanders
    Linux

    Typical MS behaviour.

    They create their own hell.

    Had they decoupled IE from the rest of the OS (A restriction which is largely artificial) XP Laggards could just deploy IE9 and MS would have to only maintain a single version of IE. (The latest one.)

    1. Anonymous Coward

      Re: Typical MS behaviour.

      "MS would have to only maintain a single version of IE. "

      Wow thank you for your enlightenment.

      Thank god the whole world is running on the very latest version of FF, Chrome, Iron and Opera, on the very latest version of <insert any os>, that way they don't have to maintain the older versions and check for backward compatibility.

    2. Anonymous Coward

      Re: Typical MS behaviour.

      "XP Laggards could just deploy IE9 and MS would have to only maintain a single version of IE"

      Think you'll find 10 is the latest with 11 in progress. But still, let's not let a rant get in the way of facts.

      1. Anonymous Coward

        Re: Typical MS behaviour.

        I don't think he said it was the latest version, did he?

        The point I think being made was that MS artificially blocked IE9 from being installed on XP to force users to go to Windows 7 - the fact that the latest version is now IE10/11 is irrelevant (as IE9 does not have the vulnerability). So it was an MS decision to limit XP users to IE8 that is causing a problem - as XP users cannot just upgrade to IE9. Result - more XP users move to Chrome/FF etc as IE8 becomes more vulnerable (and this will happen more and more in the future).

        MS need to realise that people won't (and didn't) upgrade an OS just to get an updated browser - they are (and were) more likely to use a different browser completely.

        1. Anonymous Coward

          Re: MS artificially blocked IE9 from being installed on XP

          yeah, and windows 95 and ME! Bastards! They should obviously support all old versions of windows and ie so we can then moan on about how out of date and insecure their products are...

          1. Anonymous Coward

            Re: MS artificially blocked IE9 from being installed on XP

            no, man we too busy moaning about how out of date and insecure their current products are :)

            can't you distinguish between a genuine reason for a software instance not running on a system, and an artificially created reason?

          2. mark l 2 Silver badge

            Re: MS artificially blocked IE9 from being installed on XP

            The difference is that Windows ME and 95 are not in support with Microsoft anymore and haven't been for years, whereas XP was still being sold on new PCs up until late 2009 and is still receiving security updates until next April, yet they chose not to back port IE9 or later versions of IE to XP in the naive belief that people would go out and buy Windows 7 to get a new browser and not just download FF, Chrome, Opera etc, all of which still work on XP in their latest versions.

        2. Tom 13

          Re: force users to go to Windows 7

          Actually it was Vista. I'll grant you Vista was nearly as bad as ME and therefore people like to forget about it, but we shouldn't forget about it.

          1. Wzrd1 Silver badge

            Re: force users to go to Windows 7

            "Actually it was Vista."

            Funny, here at home, I have two Vista machines. Each, equally poorly behaved.

            I *really need* to get them upgraded to 7.

            8 is totally off. Go to that, might as well upgrade to Solaris. ;)

    3. ubergeek
      Devil

      Re: Typical MS behaviour.

      By not updating IE for XP, it's another "Cricket bat around the head" to move users away from XP and spend more money on WIN 8.

    4. Tom 13

      Re: A restriction which is largely artificial

      Yes, it is largely artificial. But it is legally binding. Which is of course the bitch when you game the legal system.

    5. Wzrd1 Silver badge

      Re: Typical MS behaviour.

      True! Why bother educating developers, we can simply shift OS and all is good.

      Save, that reality reads otherwise.

      But, hyperbole and platform evangelism is true, factual reports are not.

      Well, on the planet Stupidia, in the Morania cluster...

  3. Vimes

    When will they get around to fixing that WPAD flaw in IE that leaves users open to attack?

  4. ecofeco Silver badge
    Meh

    MS Fail?

    Sounds more like security at the organization failed.

    1. Wzrd1 Silver badge

      Re: MS Fail?

      "Sounds more like security at the organization failed."

      Only on days that end in "y" in English... :/

      Still, it's job security!

  5. TheVogon
    Mushroom

    "When will they get around to fixing that WPAD flaw in IE that leaves users open to attack?"

    Back in 2007: http://technet.microsoft.com/en-us/security/advisory/945713

    1. Vimes

      If you had seen my previous posts then you would have realised that I was not actually referring to that issue. I suppose I should have been more specific though.

    2. Vimes

      http://forums.theregister.co.uk/forum/1/2013/04/21/Vimes_Serious_WPAD_flaw_in_IE/

    3. Vimes

      No mention of IE either in that article you linked to by the way. Did you just search for WPAD but not pay attention to the rest?

    4. dephormation.org.uk
      Boffin

      WPAD

      WPAD exposes every Windows PC in the UK to the risk of browser hijack by the Brazilian owner of the wpad.co.uk domain.

      That security flaw is now enabled by *default*.

      It's a yawning, gaping chasm of a security flaw and it is now enabled by default for most Windows PC users in the UK.

    5. dephormation.org.uk

      More info here

      WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

      https://nodpi.org/2013/05/09/wpad-the-internet-explorer-security-flaw-that-exposes-all-microsoft-users-in-the-uk/

      1. Wzrd1 Silver badge

        Re: More info here

        "WPAD: The Internet Explorer Security Flaw that Threatens all UK Microsoft Users

        https://nodpi.org/2013/05/09/wpad-the-internet-explorer-security-flaw-that-exposes-all-microsoft-users-in-the-uk/"

        Funny, I recall that best practice is to remove automatic proxy nonsense from the configuration. It is, here in the US and occasionally observed in corporate environments. Hell, even government environments.

        Is it *that* hard?

        1. dephormation.org.uk
          Boffin

          Re: More info here

          It's not hard at all, once you're aware.

          The problem is the flaw is enabled by default and most people are unaware.
