back to article Internet Explorer info leak festers for 2 years

For almost two years, Microsoft's Internet Explorer browser has been vulnerable to attacks that steal digital security tokens and other sensitive data, a security researcher said recently. Researcher Chris Evans said he alerted Microsoft to the information disclosure vulnerability in IE in December 2008. As of October 21, it …

COMMENTS

This topic is closed for new posts.
  1. William Boyle

    Yours truly, from Microsoft

    This sounds like Microsoft-Speak for WDGAS (we don't give a s**t)...

    1. Lyle Dietz

      Alternatively

      DILLIGAF - do I look like I give a f***

  2. Stu 18
    FAIL

    the problem with microsoft

    Maybe they have intelligent people working at MS, hard to say, certainly, by enlarge you can't tell 'by the fruits'.

    The problem is execution. The marketing droids get wound up, the preachers get preaching, but no one has bothered to sit down and objectively use the 'thing', so out flows another pile of turd, so many 'if onlys' have been missed, I find it impossible to imagine what they actually do there apart from dilbert meetings and firefighting.

    1. Andy Shaw
      Badgers

      "By enlarge"

      <rant type="pedantic">

      I assume you mean "by and large". It's an old nautical term implying that a ship could sail into the wind ("by the wind") as well as when the wind was behind the ship (or "large").

      It's a pretty common mistake, so as long as you don't say anything about intensive purposes I'll let you off.

      </rant>

  3. FuzzyTheBear
    Coat

    As always with " them "

    "They" do know how to make us all warm and fuzzy inside and reassured that our data is safe with them and that the boys have only our best interrests in mind and that they really are looking out for us. Yes .. right ,if it wasn't important .. why did mozilla fix it ? giggles ?

    Moving right along folks ... Usual bs. time for a pint ..

  4. iamapizza

    Yesbutnobut

    >We are not aware of any attacks seeking to exploit this issue

    Surely the point of an exploit is that *nobody* is aware?

  5. Mines a pint
    WTF?

    same logic as microsoft

    Most companies seem to apply the same logic as Microsoft when fixing bugs, if its not shown to be dangerous then they will fix it if they can be bothered, but if it give people an easy way of doing things it becomes a feature. Dangerous could be because it’s being exploited or because it’s been talked up and makes them look bad, becoming a feature could be because someone has said it looks cool or a lot of people use it.

    It’s the same logic that generally pervades society, think smoking. It’s bad for you we all know that, but is not banned (fixed) because lots of people smoke and some think it looks cool, so smoking has become a feature of society, admittedly one that’s being slowly retired.

    So Microsoft has a bug that they’ve know about for 600 days, but its not that dangerous so they haven’t fixed it. If it gets talked up it may become dangerous and be fixed now stop whining that the big nasty man didn’t immediately run around like a headless chicken when you sent him a letter

  6. Christian Berger

    That's nothing

    There still is a remote code execution bug in IE since the mid 1990s. You can make the browser execute ActiveX applets.

    1. Anonymous Coward
      Boffin

      RE: That's nothing

      Just another couple of entries on the long, long list of security holes in MS software. They really need to get a grip of themselves!

  7. Anonymous Coward
    FAIL

    EDITOR & Dan Goodwin

    Please DO NOT post direct links to active POC pages,

    if you have to, then at least post a warning.

    That one caused looping javascript alerts.

    Had to kill firefox.

  8. John I'm only dancing
    FAIL

    Berks

    "We are not aware of any attacks seeking to exploit this issue and will update customers if that changes."

    So that's alright then.

  9. Lewis Mettler 1
    Stop

    buying IE

    Why fix IE if you are forced to buy it anyway?

    And you were forced.

    If you can not see the link between being forced to buy a product and its quality, you do have a problem.

  10. mhenriday
    Thumb Down

    Mussolini (Microsoft) ha sempre ragione

    or, for the linguistically impaired, «Mussolini (Microsoft) is always right». Given the firm's arrogance and the nature of its business practices, one can't help wondering how long it will be before Microsoft comes to its appointment in Giulino di Mezzegra....

    Henri

  11. Anonymous Coward
    Anonymous Coward

    "by enlarge"

    Hooray for a lovely eggcorn.

  12. OffBeatMammal

    what version(s) of IE?

    just wondering... is this IE6 legacy or an IE8 feature?

  13. 32holes
    Thumb Down

    This is.......

    the exact reason i am going open source OS now as well (linux).

    I have been using Mozilla for years now and the-i-cant-be-bothered-with-you-little-petty-people-who-find-vulnerabilities attitude is what is going to drive M$ down teh drain.

    There was a vulnerability found and left open for a very long time because they did not deem this vulnerability to be a vulnerability. This was probably exploited in the wild as well.

    Microsoft, you left this open. I trust you, not so much anymore now that i am learning linux more and more, to fix this crap and when you slap us like that we will leave in droves.

    I only use IE when i cannot use particular functions of firefox. For instance, i could not log into my ISP and pay my bill online prior to using this site since i have nearly all security add ons you can find and they tend to interfere with secure pages.

    M$ does not care about yor data security. For me it started with the BHO in IE exploits that were driving me mad. Then came all the friggen virii. And now we have "bugs' left open for exploitation for years.

    Yeah, i love you M$. Not.....hello linux.

    While linux also has it problems they are not as widepread. I read, probably here, about a repository of one distro being infected not so long ago and it was not discovered for two years. But at least i do not have to worry about M$ virii anymore.

    M$ has crippled my XP now to the point where i get DEP errors simply when i transfer an .avi from dvd to hdd. What used to take me 2 min now takes 9 and i cant have that. That is what really made the decision to go open source for me since now M$ are just plugging holes and they do not care about what it does to the OS since it is an old OS. Bollocks, I paid for it so fix it right the right way.

  14. Henry Wertz 1 Gold badge

    The result of so-called "responsible disclosure"

    Title says it.. If this researcher had posted vulnerability info 2 years ago, Microsoft would have whined like a little baby, but fixed the bug then and there (more or less). Letting vendors sit on flaws just results in them not fixing them.

This topic is closed for new posts.

Other stories you might like