TechSpot

Microsoft issues warning for IE6, IE7 security hole

By Justin
Nov 23, 2009
Topic Status:
Not open for further replies.
  1. Users of Internet Explorer will want to take note of a warning Microsoft posted today, as the company has discovered a vulnerability in several versions of the browser. Redmond has indicated that the new exploit could affect IE6 and IE7, but users of IE8 were immune -- another good reason to upgrade. The flaw is dangerous, potentially resulting in system compromise.

    Read the whole story
  2. Didou

    Didou Bowtie extraordinair! Posts: 5,899

    It's probably for reasons like these that my work has adopted a two-browser policy.

    IE6 is used for the Intranet which is old & almost hand tailored for IE6 & would probably take a lot of time/money to overhaul completely.

    For everything on the outside, they've installed Firefox Portable.
  3. Timonius

    Timonius TS Booster Posts: 581   +32

    Yes, businesses are going to want to rethink their dependancy on IE6 (and dependancy on a single browser period). It always good to build your intranet with proper standards (valid html, css, xml, etc) and THEN select a secure browser, and be ready to upgrade the browser as needed. The newer version of whichever browser you use should be 'backwards' compatible or have a legacy mode that allows for easeier use of intranets designed on older standards.
  4. WHAT? A security hole in IE 6? No way!
  5. Puiu

    Puiu TS Addict Posts: 1,044   +94

    Another security flaw that took microsoft many years to fix (how many years are there from the release of ie6 to ie8)
  6. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    You mean like Windows Updates ? :D
    No no, Windows has made it easy to update online. As for "hand tailored" yes I remember spending weeks (if not months) on Windows NT Server environment, until all was perfect. Thank god Windows 2K got released just as everything started faulting (note this was mainly old hardware faulting ;))

    Yes good idea, time to update from IE6 I feel :D It has been a few years now :rolleyes:
  7. ET3D

    ET3D TechSpot Paladin Posts: 975   +31

    Huh? What does Windows Update has to do with upgrading an old IE6 intranet to work in a newer browser?
  8. Razerblade

    Razerblade TS Rookie Posts: 117

    Im surprised its taken this long to find it looking at how long IE6 has been out. Well this should help IE8 get more market share over 6 and 7 if everyone upgrades. However, how many standard PC users are going to know they need to upgrade to IE8?
  9. kimsland

    kimsland Ex-TechSpotter Posts: 18,353

    Oh, you're suggesting no Internet I think
    So Didou, best to get Internet setup, as there may be malwares on those computers that need scanning with an updated Antivirus software. ;)

    Or maybe, his Intranet has also got Internet connection (possibly at the Server?)
    He could download IE8 from there ;)
  10. apatewna

    apatewna TS Rookie

    People should realise by now that while new security holes are discovered in borwsers and OSes, they shouldn't rush in and directly criticize the software company that produces them.

    Since MS products sport a tremendous userbase, it's the "premium target" for exploits and hacks, while other "not-so-popular" software houses, are not attacked that much.

    Also, continuous code audit is what makes a piece of software security-solid and this has been proven true with OpenBSD operating system.

    Above all, security holes or not, remember to use your computer wisely. Be aware of the dangers that lurk either through use of the Internet or (for example) by that overeager friend who disables your antivirus/security to install the hack/crack/keygen/whatever for that new game you cant help but drool over.

    As for my opinion about that recently discovered flaw, I must admit that I can barely "assimilate" all the info that a web browser window can offer me. More than often I find it hard to read the text I want, things shouldnt be so complicated.

    Simpify web browsers and you'll get a light platform to perform your daily task of information gathering/sharing, not to mention that it would be easier to get arround severe security issues at the code level.
  11. Didou

    Didou Bowtie extraordinair! Posts: 5,899

    Security updates are applied on a regular basis, mostly during the night when everybody has logged off & the less bloated corporate edition of Symantec Anti-Virus is also updated almost day by day.

    There's no way that Intranet is going to be changed any time soon though.
     
  12. ET3D

    ET3D TechSpot Paladin Posts: 975   +31

    kimsland, I think you just don't understand the situation. Companies have built internal applications based on IE6. These applications break under newer browsers, because they were built with IE6 as a target. Updating them to work under IE8 is a lot of work, especially when the people who created them in the first place are no longer working at the company (not that they're likely to remember what they did years ago even if they do).

    So the solution at the company where Didou works is quite common: using IE6 for the internal apps, and using a newer browser for internet access.
  13. yorro

    yorro TS Enthusiast Posts: 245

    I looks like MS ain't that committed to its legacy softwares.
  14. LightHeart

    LightHeart TS Rookie Posts: 155

    We use IE8 were we can however like many companys we are forced to use IE 6 due to legacy compatiblity. Of course Microsoft created this mess in the first place by using proprietary browers in attempt to win the browser wars, which they did do at the time. Until applications are able to use IE8, Firefox, etc. we will continue to have these issues.
  15. jobeard

    jobeard TS Ambassador Posts: 13,400   +313

    YES IE* uses a proprietary DOM which makes DHTML coding browser specific.
    Really DOA in my opinion. Great motivation to listen to the W3C and code to the standards of the internet -- Also sufficient to force a move to Opera or Firefox.

    As for those legacy applications buit on MS; Shame to the CIO that allowed that choice.
  16. Didou

    Didou Bowtie extraordinair! Posts: 5,899

    Well a lot of business were strong armed. Bundling IE with Windows meant it had a market share that couldn't be ignored by software developers & so they targeted the browser installed on most machines, in this case IE.
  17. paynetrain007

    paynetrain007 TS Rookie Posts: 86

    Firefox + addblock + noscript = win
  18. jobeard

    jobeard TS Ambassador Posts: 13,400   +313

    which was totally unnecessary
  19. fref

    fref TS Enthusiast Posts: 153

    Remember that there was an article published recently that said there were more security holes discovered in Firefox than in Internet Explorer in the last year or something like that. Every piece of software has flaws, it's just more publicized when that software is used by a majority of people.
  20. Didou

    Didou Bowtie extraordinair! Posts: 5,899

    Well I believe the whole battle started by the Department of Justice against Microsoft started with such a sentiment as well.
  21. GACrabill

    GACrabill TS Rookie Posts: 47

    I didn't get a sense from this article about how easy it will be for this vulnerability to be taken advantage of by those fools that do such things.

    No fix yet, but will there be dozens of viruses being propagated thru this exposure before there is a fix ?

    I have converted lots of friends and family to IE8 but I would appreciate knowing if this will be a very rare exposure potential for most users or a very serious problem within a month.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.