
Microsoft to Issue Out-of-Cycle Patch for IE

rsw writes "Microsoft will be breaking their normal patch cycle and issuing a patch for the Download.Ject attack (a.k.a. Scob). They claim that the forthcoming patch will be a "long-term solution to the core vulnerability" exploited by Scob." Note that this does not mean that they are replacing IE with Firefox.
  • Re:Firefox (Score:3, Informative)

    by Mz6 ( 741941 ) * on Thursday July 29, 2004 @03:02PM (#9835075) Journal
    Well... I think someone submitted that as a Slashdot bug and they wrote it off as a Mozilla one instead.
  • Re:Wow (Score:5, Informative)

    by chrisgeleven ( 514645 ) on Thursday July 29, 2004 @03:04PM (#9835118) Homepage
    Except this patch was needed a few weeks ago (and the exploit if I remember right has been known for months).
  • Re:Firefox (Score:5, Informative)

    by AliasTheRoot ( 171859 ) on Thursday July 29, 2004 @03:04PM (#9835122)
    /. doesn't exactly produce the most compliant html...

    however I've never had any problems with the site using firefox.
  • by kid_wonder ( 21480 ) <public@kscottkle i n . c om> on Thursday July 29, 2004 @03:08PM (#9835183) Homepage
    I disagree. I use firefox for just about everything; online banking, online account management, etc. Every once in a while I need to open up IE to view a flash animation or some other stupid site that uses ActiveX - but at that point I know what they are trying to do and can establish the risks of going to it in IE.

    btw, regarding all these /. problems, for some reason I get this render problem intermittently, but a simple reload typically handles the problem.
  • by ErichTheRed ( 39327 ) on Thursday July 29, 2004 @03:08PM (#9835188)
    The problem I found is that a lot of web apps are coded for IE's "extensions" that don't translate over to Firefox. We have a few internal apps at work like that, but there are public examples too. E.g, my power company paid some contractor to put together an online bill pay system for them, and obviously they're not interested in fixing it. Open the page in IE, and it works fine. Open it in Firefox, and you get a blank screen.
  • by PeteQC ( 680043 ) on Thursday July 29, 2004 @03:09PM (#9835210)
    There are a lot of "broken" sites that won't be right in IE when Microsoft releases its SP2 for XP with a lot of added security to IE.

    Pop-ups won't show, and all the incorrectly defined elements won't show right either. So, maybe finally the webmasters will correct their sites.
  • Re:Firefox (Score:3, Informative)

    by dsanfte ( 443781 ) * on Thursday July 29, 2004 @03:15PM (#9835304) Journal
    Occasionally the slashdot homepage will not fully render in Firefox. It will appear blank except for images until a reload or two is done. The comments pages also tend to be text-biased too far left on occasion, rendering the comments' text a bit into the Sections and help left-sidebar. This is also fixed after three or four reloads.
  • Re:Firefox (Score:2, Informative)

    by StRex ( 32430 ) on Thursday July 29, 2004 @03:19PM (#9835347)
    The funny thing is that, as mentioned elsewhere [slashdot.org] in this discussion, changing the font size using Ctrl+Mousewheel, and then changing back to the original size fixes the problem--until you refresh. It is particularly strange that the only site where I have Firefox rendering issues is /. though....
  • by GigsVT ( 208848 ) on Thursday July 29, 2004 @03:24PM (#9835415) Journal
    My wife was infected by spyware by simply visiting a site that was an etrade affiliate site (they were offering a free PDA if you opened an etrade account).

    She told me at the time the only difference between her computer and her friend that sent it to her was that she had Sun Java installed and he didn't. He didn't get infected and she did.

    This was several months ago, she searched and didn't find any exploit info about it.

    A couple days ago she found the exact exploit she had encountered on a vulnerability list, a combination of Sun Java and an IE bug cause a certain vulnerability.

    So you might think you are safe, but how many "zero day" or unknown exploits, such as the one my wife got infected by spyware via are out there?
  • by Apathetic1 ( 631198 ) on Thursday July 29, 2004 @03:30PM (#9835505) Journal

    Removing IE will not remove the vulnerability. The vulnerability is in the MS-HTML control not in the Internet Explorer executable. Any application that uses the MS-HTML control is vulnerable.

  • Do people care? (Score:5, Informative)

    by taylortbb ( 759869 ) <taylor@byrnes.gmail@com> on Thursday July 29, 2004 @03:31PM (#9835515) Homepage
    Do people care about IE security problems? Most do actually, people just either don't know about the vulnerabilities or if they do they don't know there's anything that can be done.

    Everyone I know when I talk to them about how bad IE is, if they listen, switches to Mozilla, I switched my school's computers and those of at least 60 others.

    People are listening now more than ever, it's becoming so bad (at least one a week) the mainstream media is even going "Another Internet Explorer vulnerability has been found".

    All I tell people is that:
    1. Mozilla works faster
    2. It has a pop-up blocker
    3. It is immune to those once a week IE vulnerabilities
    4. You just about don't get spyware (and mention keyloggers). <---The Killer One

    And BTW, I use Firefox 0.9.2 (mozilla.org build for Linux/x86) and have never had problems with how /. renders.
  • Re:Firefox (Score:2, Informative)

    by br0ck ( 237309 ) on Thursday July 29, 2004 @03:38PM (#9835614)
    They're working on it [slashdot.org].
  • by stratjakt ( 596332 ) on Thursday July 29, 2004 @03:39PM (#9835617) Journal
    Netscape still has the name recognition.

    If someone fights against Mozilla, just have this conversation:

    "I'm installing Firefox on your machine to use instead of IE"

    "NO! I need IE, I don't want to try some other software!"

    "Ummm, ok, how about Netscape?"

    "Sure!"

    Firefox isn't even to a 1.0 release. It's good, but it's not finished. It's not ready to be shoved down everybody's throats, there are still plenty of issues.
  • Firefox vs. IE (Score:2, Informative)

    by bannerman ( 60282 ) <curdie@gmail.com> on Thursday July 29, 2004 @04:04PM (#9835980)
    I have problems viewing PDFs with Firefox. If I open more than one at a time I almost always wind up watching Firefox crash and burn. I think it may have to do with the fact that I have Acrobat, not just Reader. I'm not sure. I can't reproduce it all of the time, but it's very frustrating when I'm in the middle of a good slashdot thread and everything goes bye-bye. Crashes suck. I still prefer to use Firefox, though.. I'd rather crash once in a while than spend my morning trying to remove VX2 or something of that nature.
  • Re:beige (Score:5, Informative)

    by threephaseboy ( 215589 ) on Thursday July 29, 2004 @04:10PM (#9836061) Homepage
    there's a better way. change the url from it.slashdot.org to just slashdot.org
    or whatever.
    example:
    http://it.slashdot.org/article.pl?sid=04/07/29/1751213 [slashdot.org] turns into
    http://apple.slashdot.org/article.pl?sid=04/07/29/1751213 [slashdot.org]
  • Re:Firefox (Score:3, Informative)

    by Reckless Visionary ( 323969 ) * on Thursday July 29, 2004 @04:12PM (#9836078)
    Apparently this is fixed on trunk, but not on the aviary branch.

    http://bugzilla.mozilla.org/show_bug.cgi?id=217527
  • by tshak ( 173364 ) on Thursday July 29, 2004 @04:27PM (#9836278) Homepage
    Spyware has more to do with social engineering by visiting questionable than anything else. Most people click "OK" past the IE security warnings when spyware is trying to install itself. Microsoft is doing its part to try and mitigate this problem in XP SP2 by making warning dialogs more clear and urgent, and in some cases even adding a timer before the user can actually click OK (Outlook 2003 currently does this if any outside program tries to send email through it. It's annoying but it's better than the alternative).
  • by anomalous cohort ( 704239 ) on Thursday July 29, 2004 @04:33PM (#9836363) Homepage Journal
    Open the page in IE, and it works fine. Open it in Firefox, and you get a blank screen.

    This is what I do when I run into one of those mysterious "blank screens."

    • Launch konqueror
    • Configure konqueror to identify itself as Internet Explorer to the web server
    • Surf to the offending page

    This gets me past the "blank screen" problem about 75% of the time.

  • Comment removed (Score:3, Informative)

    by account_deleted ( 4530225 ) on Thursday July 29, 2004 @04:35PM (#9836404)
    Comment removed based on user account deletion
  • by aWalrus ( 239802 ) <sergio&overcaffeinated,net> on Thursday July 29, 2004 @05:16PM (#9836963) Homepage Journal
    That conclusion is a non sequitur, since it is usually made from the standpoint of webmasters who have non-compliant sites that break in alternate browsers. If you're looking at the traffic statistics for your site that breaks in Firefox, it is *obvious* that you won't find very many Firefox users, since you're driving them away.

    To provide some numbers, check the Google Zeitgeist [google.com]. Although it does show that IE 6 has a clear dominance, the Mozilla traffic is on par with IE 5.0 and IE 5.5 -- If you support those, you should support Mozilla.

    If you go to more techie-oriented sites you'll see very different results. In my site's own stats, IE accounts for less than 50% of visitors (and yes, there *are* more than 5 people visiting daily).
  • by HSpirit ( 519997 ) on Friday July 30, 2004 @03:38AM (#9841410)

    I mean, seriously, if you're concerned about on-line security, there are a plethora of alternatives about, so this news should be a non-event.

    Ours is a small office, granted, but I've installed Mozilla 1.7 (and 1.6 before that, and Netscape 7 before that) on all the PCs (Windows/Mac), made it their default browser, and upped security on IE's Internet Zone so that all active content is blocked.

    Following this, I emailed (and followed up with personal explanation) the following advice:

    1. Use Mozilla as your first browser of choice. Nine out of ten times the site will work just fine.
    2. If the site appears to be not working, try it in Internet Explorer.
    3. If the site still doesn't work, even in Internet Explorer, email me the URL and I will add it to the 'Trusted Sites' zone - this should allow it to work in Internet Explorer while maintaining our network security.

    Given that the majority of serious web developers seem to be mindful of cross-browser support (if not standards compliance outright) these days I am somewhat bemused that any security-minded organisation still insists on using IE.
