Jump to content

Several Critical Msie Flaws Uncovered


Recommended Posts

From Slashdot:

Several flaws have been uncovered by security firm eEye in Microsoft's Internet Explorer. The flaws allow remote compromise of computers running Windows Operating Systems and affect IE, Outlook and possibly other MS software. With the next MS Windows security bulletin release scheduled for June 14, 2005 news sources are reporting that in comparison with the Mozilla Foundation's prompt fix for the recently reported Mozilla 1.0.3 vulnerabilities MS appear to be leaving a large window for the possible malicious exploitation of these flaws.
Link to post
Share on other sites

Well Raul, alls I can say is I take reports like these from a "security" company who's main income comes from products that protect you from these exploits with a grain of salt. Its similar to the "reports" made by Virus companies when a new one is discovered in the wild...and they direct you straight to their web page where they sell you their product. I clicked on your link to eEye and was immediatly given popups to purchase or try a free trial :whip:.

 

As for being susceptable for a long period, thats not as long as it appears. eEye has a bunch of programers with their sole job being to uncover these bugs/vulnerabilities/security holes, once found they "report" them to Microsoft (and the press for free publicity) to be addressed. The only ones at this point who know where and how to use the exploit is eEye and Mickeysoft. It will take time (if ever) for someone else to find it...so when is the clock started for this "long period"? If there is no working exploit out "in the wild", what am I worried about?

 

Now I do agree that is does take a lot of time for MS to correct these thing. I just don't like the scare tactics or ethics companies use to sell their product. Just wait till the user base for browsers balances and these companies start closely examining the other browsers code.

Link to post
Share on other sites

Without wanting to start another "browser war", I agree with Bob. IE isn't perfect, I personally don't like it, but then again, the only perfect network/browser is one that is never connected to the outside world. Firefox, for the time being, is (in my opinion) a very, very good browser. But like Bob said, give it some time and the people who don't have a life (read "hackers") will eventually get around to messing with THAT browser too. *SIGH* :whip: Such is life on the Internet, I guess!

Link to post
Share on other sites

To be honest, I don't really care.

I just saw the news and wanted to let folks know.

 

As for how long the companies/organizations take to fix their products, I shouldn't say anything but facts should speak for themselves. You know what I'm talking about, Bob. :whip:

 

About giving Firefox (or anyother browser that becomes widely popular, for that matter) some time and it will too be targeted, yes, it probably will. But that's not the issue, here. Every software has bugs. The big difference is in how quickly these problems are handled and, as I said above, facts speak for themselves.

 

So as I said, I don't really care. I just wanted to warn people, as I usualy do when I see a security warning about software that is widely used by the folks on this forum. I don't care if the warning comes from eEye, Secunia or the US DoD - if it's about IE, I believe it. It may not be as serious as they make it sound but that's not up to me to decide, I just pass on the warning.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...