Just noticed over on PivX a surprising statement has now appeared, here's some of it;
As you know Microsoft has just released a new patch MS03-040, which renders several IE vulns obsolete. We are presently testing the efficacy of the vulns reported to be fixed & we can report that MS03-040 is doing the job it was intended to. Let’s just hope that users are diligent in applying the patch.
Recently, we have seen a sea change in Microsoft’s commitment to rid its IE browser of the vulns that PivX Solutions & other third party researchers have identified. Given Microsoft’s recent positive actions together with the current rise in attacks against IE we have agreed to give Microsoft a good faith reprieve & have taken down our ‘Unpatched’ page. This was done in both a spirit of cooperation & for the good of the internet as a whole. As the ubiquitous browser that is utilized to access the internet, we all depend on IE too much to have crooks, social deviants, malcontents & crackers from messing with our lifestyles & our livelihoods. ENOUGH IS ENOUGH!
Secondly, we are developing a mitigation utility tool that will act as a "Qwik Fix" to many of the IE vulns that MS is working on patching presently. This utility will buy Microsoft more time to develop, test & release patches in the manner described above.
Would you like to know more? Well, here's hoping Microsoft follows through & rids IE of these known vulnerabilities at last. As always you can check our
OS Updates for the latest in Windows 98, Me, 2000 & XP patches - the latest 2 additions being the aforementioned IE patch & a WMP9 patch.
Microsoft gets serious on IE security
10-12-2003
