Forgot your password?
typodupeerror
Internet Explorer Bug Microsoft Security IT Technology

IE Patch To Fix 57 Vulnerabilities 91

Posted by timothy
from the there's-a-sauce-for-that dept.
Billly Gates writes "Microsoft is advising users to stick with other browsers until Tuesday, when 57 patches for Internet Explorer 6, 7, 8, 9, and even 10 are scheduled. There is no word if this patch is to protect IE from the 50+ Java exploits that were patched last week or the new Adobe Flash vulnerabilities. Microsoft has more information here. In semi-related news, IE 10 is almost done for Windows 7 and has a IE10 blocker available for corporations. No word on whether IE 10 will be included as part of the 57 updates."
This discussion has been archived. No new comments can be posted.

IE Patch To Fix 57 Vulnerabilities

Comments Filter:
  • by thue (121682) on Saturday February 09, 2013 @10:29AM (#42842951) Homepage

    IE10 bundles Flash, so I guess the flash bugfixes can be related.

    But IE does not bundle Java - why would the IE bugfixes be related to the Java bugfixes?

    • by colfer (619105)

      The Mozilla plugin check tool can be used in any browser, and reports Flash on IE10 on Win8 is still "outdated": https://www.mozilla.org/en-US/plugincheck/ [mozilla.org]
      But the tool can be inaccurate for some browsers. At this time it does show Flash on Chrome as up-to-date. Chrome also bundles its own Flash. Firefox shows as OK too, after you update. If you try to update Flash in IE10 you get a notice that Flash is bundled, but it also says you can install it if you really want to.

    • by hairyfeet (841228)

      I doubt seriously they have anything to do with Java, its just some name dropping to make TFA more "trendy".

      But THIS is why I don't recommend IE and in fact go out of the way to make sure my customers have IE alternatives installed. IE could be the greatest browser on the planet but because its the browser of the clueless it has a 50 foot bullseye painted right in the middle of its too juicy a target.

  • by Anonymous Coward

    "Microsoft is advising users to stick with other browsers until Tuesday"

    Ok everybody! go and install Firefox or Chrome!

    • Re:Seriusly? (Score:5, Informative)

      by jones_supa (887896) on Saturday February 09, 2013 @10:43AM (#42843021)
      There seems to be a mistake in the summary. The ZDNet article says "With this in mind, users are advised to switch to another browser for the next few days until the updates are released." That seems like ZD's own recommendation, I couldn't find that from the MS security bulletins.
      • by mwvdlee (775178)

        I was surprised at reading that in TF(UBAR)S as well; the only reason I can imagine for MS saying that is if they were planning to drop IE altogether... somewhat unlikely.

      • by Snowhare (263311)

        I think MS may have revised the tech note after ZDNet wrote their story. It was offline for a little while after the story came out, and then came back again.

    • I advise all my clients who are *still* on windows to stay the hell away from IE period.. Firefox/Chrome/Opera are FAR superior to the "swiss-cheese" security environment of MS's turd browser.. So that I'm not *completely* negative, they have come a long ways with what I've seen of IE10, but they make up for that win with the abortion they call Unity/Windows 8.. I'm sure Metro is just fine on a tablet, but on a desktop with keyboard/mouse??? They HAD to be smoking some serious shit...

      • by smash (1351)
        Firefox, Chrome and Opera have their own issues. Firefox has issues with multiple levels of proxy chaining in certain environments. IE security can be managed via filtering proxies, security zones, UAC, etc. Incompatibility between other browser and business apps often can not.
  • by ark1 (873448) on Saturday February 09, 2013 @10:34AM (#42842969)
    browsers. Where did you got this information? MS bulletin does not state that and I doubt MS would ever make such recommendation no matter how serious the bug was.
    • by djmurdoch (306849) on Saturday February 09, 2013 @10:40AM (#42843001)

      The submitter got it by misreading the ZDnet article. It was the author of that article (Zack Whittaker) who made the recommendation, not MS.

      • "The submitter got it by misreading the ZDnet article. It was the author of that article (Zack Whittaker) who made the recommendation, not MS."

        Just as well timothy picked it up in editing. Oh, wait...

        • by tgd (2822)

          "The submitter got it by misreading the ZDnet article. It was the author of that article (Zack Whittaker) who made the recommendation, not MS."

          Just as well timothy picked it up in editing. Oh, wait...

          Its a Microsoft story -- what is Slashdot going to pick? A summary of an article that communicates the total non-news of a Patch Tuesday, or a hyped-up Anti-Microsoft article that excites their target audience into high levels of self-congratulatory mental masturbation?

          • "excites their target audience into high levels of self-congratulatory mental masturbation?"

            Mental? Why would you throw such an extraneous word into that statement?

            'Scuse me, I gotta get strokin'!

            • by tgd (2822)

              "excites their target audience into high levels of self-congratulatory mental masturbation?"

              Mental? Why would you throw such an extraneous word into that statement?

              'Scuse me, I gotta get strokin'!

              Well, I'm assuming its hard to franticly reply on Slashdot in one window, and surf 4chan in another, with one hand occupied.

  • by eksith (2776419) on Saturday February 09, 2013 @10:36AM (#42842981) Homepage

    The fact that IE6 is being patched means someone dropped a NS bomb on them (National Security) which is a sure fire way to motivate companies to keep their software secure. I know it's not the favorite company here, but they fought (sometimes dirty) to get where they are. They made it and have to deal with the "now what?" phase. Software monocultures suck no matter who's culture it is.

    What I found really interesting is that bulletins 7-9 and 11 are for escalation of privilege whereas the rest are for remote code execution. Which means, it may not have helped much to be logged in as an unprivileged user anyway.

    • Re: (Score:1, Offtopic)

      by Shavano (2541114)

      Software monocultures suck no matter who's culture it is.

      You mean whose. Hope this helps

      • I saw that. I thought, "Hey, I could be a grammar nazi here." Then, I thought, "Yeah, but why be a douche?" Then, I found your post. So, yeah . . . whatever . . .

    • by Ralish (775196) <ralish&gmail,com> on Saturday February 09, 2013 @03:38PM (#42845097)

      The fact that IE6 is being patched means someone dropped a NS bomb on them (National Security)...

      It's being patched because IE6 shipped with Windows XP and MS guarantees they will support the version of IE that was shipped with a given release of Windows for the support lifetime of that Windows release. Windows XP is supported into 2014, so Internet Explorer 6 on Windows XP is as well. This is not a secret.

      • by smash (1351)
        In other words, blame all the "you'll prise XP from my cold dead hands" blow-hards.
  • by YrWrstNtmr (564987) on Saturday February 09, 2013 @10:37AM (#42842985)
    ...57 patches for Internet Explorer 6, 7, 8, 9, and even 10 are scheduled.
    and
    No word on whether IE 10 will be included as part of the 57 updates.

    Did you even read what you wrote?
    • by rjr162 (69736)

      Re-read.. part of the updates are patches, including patches for IE 10, BUT its not known if one of the updates is the actual upgrade to IE 10 its self... was that so hard to understand? (I realize it could have been worded it a bit better, but it's still not hard to figure out)

    • I wonder if you did not read it.

      IE 10 is almost done for Windows 7 and has a IE10 blocker available for corporations. No word on whether IE 10 will be included as part of the 57 updates.

      It's talking about IE 10 being released for Windows 7.

    • Patches, you say? What about SP2 for Win 7? Other than making us move to Win 8, is there a good reason why I should have to d/l 250+ MB on a clean install? A roll up for .NET 4 would be in order as well...

  • ZDNet = Garbage (Score:2, Informative)

    by Anonymous Coward

    They are 12 vulnerabilities and 57 patches across all their operating systems. 2 are critical.

  • First Oracle releases patches for 50 Java vulnerabilities, now Microsoft does better with 57 for IE. Who will be the first to go over 60 in the competition?

    In any case, it seems we are doomed as far as security on the Internet goes. Kinda depressing.

    • Who knows, maybe they are just paying attention to security and actually fixing their shit.
      • He's obviously got 107 zero-day attack vectors all lined up for a Valentine's Day massacre and Oracle patched away most of them and MS is gonna kill the rest come Tuesday.

  • by Ralish (775196) <ralish&gmail,com> on Saturday February 09, 2013 @03:28PM (#42845015)

    At least, I assume that is the prevailing attitude on Slashdot these days? Let's see:

    IE Patch to Fix 57 Vulnerabilities
    No, as per the linked Security Bulletin Advance Notification [microsoft.com] a total of 57 vulnerabilities are being fixed across Windows, Internet Explorer, Office & the .NET Framework. There are not 57 vulnerabilities exclusively in Internet Explorer as the title suggests. We can likely further expect certain vulnerabilities to only be applicable to certain versions of Internet Explorer once the full details are available.

    Microsoft is advising users to stick with other browsers until Tuesday
    Source?

    ...when 57 patches for Internet Explorer 6, 7, 8, 9, and even 10 are scheduled.
    No, as noted above, the vulnerabilities are across a variety of products. Further, 13 "patches" (aka. updates or bulletins if you prefer) are being released as multiple vulnerabilities are often patched in a single update. As per the linked bulletin, there are two bulletin's being released for Internet Explorer, which would typically result in two updates for Internet Explorer for a given Windows installation. Of course, there'll be many different updates released for different versions of IE and architectures (ie. 32-bit/64-bit/etc...) but a given Windows installation shouldn't have more than two applicable to it.

    No word on whether IE 10 will be included as part of the 57 updates.
    Apart from the explicit reference to Internet Explorer 10 being affected by at least some of these vulnerabilities in the linked MS Advance Notification? Have you tried reading the very articles you post? I'm reliably informed it helps comprehension.

    Are the editors trying to set a new record for inaccuracies within a small paragraph of text?

  • "Microsoft is advising users to stick with other browsers until Tuesday"

    I see.
  • 57 Varieties - of vulnerability!

Saliva causes cancer, but only if swallowed in small amounts over a long period of time. -- George Carlin

Working...