Microsoft issues warning for IE6, IE7 security hole

Status
Not open for further replies.

Justin

Users of Internet Explorer will want to take note of a warning Microsoft posted today, as the company has discovered a vulnerability in several versions of the browser. Redmond has indicated that the new exploit could affect IE6 and IE7, but users of IE8 were immune -- another good reason to upgrade. The flaw is dangerous, potentially resulting in system compromise.

Symantec provided some details on the flaw, suggesting it is within CSS handling. It isn't considered to be widespread and hasn't been seen much, if at all, in the wild -- likely due to "unreliability". A more "reliable" version of the exploit is likely in the works, Symantec claims, so protecting yourself sooner rather than later is a good idea. Like many browser-based flaws, it requires little user interaction to spring itself; merely visiting a compromised website is enough to become infected.

A patch does not yet exist for the flaw, though there is nothing stopping IE6 or IE7 users from upgrading to IE8. Whether or not this flaw is urgent enough for Microsoft to provide a fix out of cycle remains to be seen.

 
It's probably for reasons like these that my work has adopted a two-browser policy.

IE6 is used for the Intranet which is old & almost hand tailored for IE6 & would probably take a lot of time/money to overhaul completely.

For everything on the outside, they've installed Firefox Portable.
 
Yes, businesses are going to want to rethink their dependency on IE6 (and dependency on a single browser, period). It's always good to build your intranet with proper standards (valid html, css, xml, etc) and THEN select a secure browser, and be ready to upgrade the browser as needed. The newer version of whichever browser you use should be 'backwards' compatible or have a legacy mode that allows for easier use of intranets designed on older standards.
 
IE6 is used for the Intranet which is old & almost hand tailored for IE6 & would probably take a lot of time/money to overhaul completely.
You mean like Windows Updates ? :D
No no, Windows has made it easy to update online. As for "hand tailored" yes I remember spending weeks (if not months) on Windows NT Server environment, until all was perfect. Thank god Windows 2K got released just as everything started faulting (note this was mainly old hardware faulting ;))

Yes good idea, time to update from IE6 I feel :D It has been a few years now :rolleyes:
 
I'm surprised it's taken this long to find it, looking at how long IE6 has been out. Well, this should help IE8 get more market share over 6 and 7 if everyone upgrades. However, how many standard PC users are going to know they need to upgrade to IE8?
 
Huh? What does Windows Update have to do with upgrading an old IE6 intranet to work in a newer browser?
Oh, you're suggesting no Internet I think
So Didou, best to get Internet set up, as there may be malware on those computers that needs scanning with updated Antivirus software. ;)

Or maybe, his Intranet has also got Internet connection (possibly at the Server?)
He could download IE8 from there ;)
 
People should realise by now that while new security holes are discovered in browsers and OSes, they shouldn't rush in and directly criticize the software company that produces them.

Since MS products sport a tremendous userbase, it's the "premium target" for exploits and hacks, while other "not-so-popular" software houses, are not attacked that much.

Also, continuous code audit is what makes a piece of software security-solid and this has been proven true with the OpenBSD operating system.

Above all, security holes or not, remember to use your computer wisely. Be aware of the dangers that lurk either through use of the Internet or (for example) by that overeager friend who disables your antivirus/security to install the hack/crack/keygen/whatever for that new game you can't help but drool over.

As for my opinion about that recently discovered flaw, I must admit that I can barely "assimilate" all the info that a web browser window can offer me. More often than not I find it hard to read the text I want; things shouldn't be so complicated.

Simplify web browsers and you'll get a light platform to perform your daily task of information gathering/sharing, not to mention that it would be easier to get around severe security issues at the code level.
 
Security updates are applied on a regular basis, mostly during the night when everybody has logged off & the less bloated corporate edition of Symantec Anti-Virus is also updated almost day by day.

There's no way that Intranet is going to be changed any time soon though.
 
kimsland, I think you just don't understand the situation. Companies have built internal applications based on IE6. These applications break under newer browsers, because they were built with IE6 as a target. Updating them to work under IE8 is a lot of work, especially when the people who created them in the first place are no longer working at the company (not that they're likely to remember what they did years ago even if they do).

So the solution at the company where Didou works is quite common: using IE6 for the internal apps, and using a newer browser for internet access.
 
We use IE8 where we can; however, like many companies we are forced to use IE 6 due to legacy compatibility. Of course Microsoft created this mess in the first place by using proprietary browsers in an attempt to win the browser wars, which they did do at the time. Until applications are able to use IE8, Firefox, etc. we will continue to have these issues.
 
YES IE* uses a proprietary DOM which makes DHTML coding browser specific.
Really DOA in my opinion. Great motivation to listen to the W3C and code to the standards of the internet -- Also sufficient to force a move to Opera or Firefox.

As for those legacy applications built on MS; Shame to the CIO that allowed that choice.
 
Well, a lot of businesses were strong-armed. Bundling IE with Windows meant it had a market share that couldn't be ignored by software developers & so they targeted the browser installed on most machines, in this case IE.
 
Well, a lot of businesses were strong-armed. Bundling IE with Windows meant it had a market share that couldn't be ignored by software developers & so they targeted the browser installed on most machines, in this case IE.
which was totally unnecessary
 
Remember that there was an article published recently that said there were more security holes discovered in Firefox than in Internet Explorer in the last year or something like that. Every piece of software has flaws, it's just more publicized when that software is used by a majority of people.
 
I didn't get a sense from this article about how easy it will be for this vulnerability to be taken advantage of by those fools that do such things.

No fix yet, but will there be dozens of viruses being propagated thru this exposure before there is a fix ?

I have converted lots of friends and family to IE8 but I would appreciate knowing if this will be a very rare exposure potential for most users or a very serious problem within a month.
 