Sign in / up

back to article Redmond promises IE8 patch is in the pipeline

Microsoft has announced it is working on a patch for a zero day Internet Explorer 8 vulnerability first identified seven months ago. Perhaps following a report by El Reg, Redmond said it will bake a patch for the flaw which allowed attackers to execute arbitrary code on computers running the older Internet Explorer version 8 …

COMMENTS

House rules Send corrections
This topic is closed for new posts.
  1. DrXym

    What is the risk of this bug really?

    I bet the % of users on XP using IE8 to browse the web are low single digits. Very few attackers are going to bother shaping an exploit for such a low reward.

    XP is end of lifed. Microsoft should advise users to upgrade, or use a different browser.

    0 2
    1. richardcox13
      Reply Icon

      Re: What is the risk of this bug really?

      > XP is end of lifed

      So what? IE8 is the default browser on a new install of Windows 7; thus its support ends with Win7.

      4 0
      1. Anonymous Coward
        Reply Icon
        Anonymous Coward

        Re: What is the risk of this bug really?

        "and run Chrome or Firefox"

        Chrome is far worse than IE for number of security holes. Firefox is much better than Chrome, but still worse than IE.

        "IE8 is the default browser on a new install of Windows 7; thus its support ends with Win7."

        Microsoft eventually require you to upgrade to the current service pack to continue to be supported. Support for Windows 7 RTM without service packs ended on 9th April 2013

        1 0
      2. DrXym
        Reply Icon

        Re: What is the risk of this bug really?

        "So what? IE8 is the default browser on a new install of Windows 7; thus its support ends with Win7."

        And this new install of Windows 7 would instantly put up a wall of updates that it urges the user to install. In the case of Windows 7 (or Vista) that would already have a viable fix - upgrade to a later version of IE. You would have to be an extremely unfortunate person to ignore these warnings, use the default IE and happen upon a site which exploits you.

        As I said, IE8 has low single digit % usage figures including Windows 7. This is not rich pickings for attackers. And I assume most people would have the sense to take heed of the warnings.

        It is XP users who are affected since there is no update for IE8 and none forthcoming. My opinion is they've had ample warning of the end of life of XP (and associated products including IE) and there are numerous upgrade options. If people choose to stick with XP then at least they should use another browser.

        0 0
  2. JPL

    The really helpful thing for MS to do would be to change the latest version of IE so that it is not prevented from running on XP. Mozilla can do it in Firefox, Google can do it in Chrome, but MS has made the decision not to - a misguided and pointless commercial decision rather than a technical one.

    2 0
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      No - that would be the worst thing that they could do. XP needs to die. More recent versions of Windows are much more secure by design.

      0 0
  3. Anonymous Coward
    Anonymous Coward

    Microsoft is getting really schizophrenic lately

    First they won't patch XP after the drop dead date, then they do. First they won't patch this, now they do. The million changes of direction for Xbox One.

    I guess the lesson is, if they say/do something you don't like, just wait a couple days and then read the Reg, and you'll find they've changed their minds.

    1 0
    1. Ken Hagan Gold badge
      Reply Icon

      Re: Microsoft is getting really schizophrenic lately

      Nah, the lesson is that the "XP is dead" party was so good that MS have only just sobered up and remembered that they have to keep the patches rolling for Server 2003.

      0 0
This topic is closed for new posts.

Other stories you might like