Microsoft flings out emergency patch for Iatest gaping IE hole

"IE 9 has been available since March 2011"

If you're running vista or above, many corporate environments still have large collections of XP (occasionally older) machines.

Unfortunately,

there are *still* large companies - and I can, but won;t, name two of them (no names, because the info comes from a friend who's under an NDA on this!) whose IT departments have their heads so deeply buried in the sand that they still require all their desktops to run IE7.

The problem lies not, unusually, with the users in these cases, but with the IT Honchos who are still living in the 70s, and who think a VAX may well be the cutting edge in corporate computing!

Still, hats off to MS for this patch, it's nice to see them taking this seriously.

Neatly attacks the corporate/government assets

Thankfully IE's usage is dying on its backside, my logs are showing it at 24% and falling each month.

The problem is that big corporates and governments still use IE because of their standard builds, based upon Win XP and glacial slow update cycles. These environments rarely allow modern browsers, so IE usage on these estates will be 100%. This is a gift for the bad guys who can exploit IE with impunity. Once Microsoft patches this hole, it just leaves the rest of the IE sieve to patch.

It's really a failure of the IT department governance. But they're driven by policy, which is developed by the organisation which is run by people who've no idea what IT is... Such a sad state of affairs.

XP users at risk

I try to avoid using IE as much as possible, sadly there are still one or two sites out there that don't work properly unless viewed in IE.

Also Microsoft took the (purely commercial?) decision not to make IE 9 and above compatible with Windows XP - the only one of the major browser makers to ostracise this OS which is still on around 40% of the world's PCs.

I still run XP on my laptop because there seems little point 'upgrading' the OS when I'd have to reinstall everything and the 'upgrade' would want more resources.

As someone who develops websites I really wish IE would just crawl away and die, would make my life a whole lot simpler.

Is this a legit patch? SSL failure here

Is it just me or is there something funny about the authenticity of this page. Other SSL on microsoft.com are signed by a different CA and don't have this problem.

https://technet.microsoft.com/en-us/security/bulletin/ms13-008

I get "unknown CA".

Why does patching IE need a reboot?

I just tried the patch on one of my test machines and was surprised to find that it demands a reboot after applying. WTF does a browser patch need a reboot?

I am now trying to schedule my Windows, Adobe and Avast updates together as the reboot cost on a lot of machines is just too expensive.

The quality of Microsoft coding is more than suspect. Win8's quality will not be any better with the pressure of keeping up with Apple, Android and Linux. With both Arm and X86 platforms to support simultaneously I suspect that the quality problem is going to be much worse in the future.

At least the Linux systems rarely need a reboot :-)) I need a strong coffee.