Uber-patch for Internet Explorer 590
malevolence writes: "According to The Register, Microsoft has released an Uber-Patch for Internet Explorer that fixes all known security problems, as well as 3 new ones, including the content-type issue that was reported on slashdot a few days ago."
Uber Patch (Score:4, Funny)
Re:Uber Patch (Score:5, Funny)
It'd be the perfect trojan horse... MS gets leniency from the DOJ in exchange for some...favors.
Even weirder... (Score:5, Interesting)
What if it was the reverse. The DOJ gives MS leniency, but calls in a favor with the FBI to announce some "Magic Lantern" spyware, and suddenly open projects become very popular....
...naw. ;-)
Oh, come ON. (Score:2, Informative)
"When asked if Magic Lantern would require a court order for the FBI to use it, as existing keystroke logger technology does, Bresson said: 'Like all technology projects or tools deployed by the FBI it would be used pursuant to the appropriate legal process.'" (my emphasis)
So unless the FBI has gotten a court order against the 84.8% of web surfers [internet.com] who use Internet Explorer, this is pure FUD.
Sheesh.
Pursuant to Appropriate Legal Process != YES (Score:3, Insightful)
Note that the segment you highlighted did not say "YES" - why do you suppose they didn't say yes?
In MS we trust. (Score:3, Interesting)
. . . d. Act under exigent circumstances to protect the personal safety of users of Microsoft, the
With the recent terrorist activities and the sweeping new anti-terrorist legislation, any "exigent circumstances" could be said to be met as a matter of course. So what guarantees do we have that MS and the gov't doesn't have a secret agreement in place to continuously sift and profile all the data (OUR data) that the
You gotta wonder... (Score:2, Interesting)
Re:You gotta wonder... (Score:2, Insightful)
Re:Uber Patch (Score:5, Informative)
Re:Uber Patch (Score:4, Insightful)
Hmmm, I don't recall any version of IE working for linux. Perhaps the underlying truth is more embarrassing than we realize...
Nah, probably working stiffs who are stuck on NT/2K/Win9X boxes at work...
Re:Uber Patch (Score:5, Insightful)
Re:Uber Patch (Score:3, Informative)
What was the last version of Mozilla you used?
Re:Uber Patch (Score:2)
really wild and crazy folks ... (Score:3, Interesting)
And you are nuts if you put one behind the firewall where any old Outlook or MSIE flaw will put a keylogger, sniffer or what ever. What's the point of a nice little firewall when some goon can soap his way through the browser?
I suppose you just have to be wild and crazy to use M$ at all. Look at what your money buys: a poor security model with intentional bypasses, monthly crashes, Magic Lantern, WMP sound, Digital Rights Management (now patented!), remote kill switches, and the opertunity to pay again and again. What a bargain, but spending is good for someone else's economy so party on, fanboy!
Posted using Mozilla, running through a secure shell from a 650MHz Athlon to my punny little 150 MHz Pentium laptop on my lap in my bed. Try that with M$ garbage. What MSIE won't run in 24MB RAM? What Billy G won't let you run coppies of it on more than one machine at once? Where did you want to go yesterday?
Hmm. (Score:3, Informative)
tee hee (Score:5, Insightful)
If Microsoft suddenly changes how their browser handles downloaded files, tens of thousands (perhaps hundreds of thousands? any webpage which downloads files) of webpages "designed for IE" will have to be rewritten.
Good grief! Can somebody link to the tens of thousands of "designed for IE" webpages that are currently incompatible as a result of this patch?
In fact a proper "fix" of this hole probably involves de-integrating their browser and local file handling to some extent.
Eerrr.. a proper "fix" of Michael's previous article probably involves a higher level of computer literacy, and less impulsive urge to write expository essays that sound dramatic, but are wrong.
Re:tee hee (Score:5, Insightful)
So yeah, it would be a kinda big problem, and it's Microsoft's fault (if they wouldn't have set up a brain-dead policy of not handling MIME types properly then the servers would have been set up right to begin with). But it's not a "Designed for IE" page thing, and I doubt it's in the thousands of pages. Most pages that don't get the kind of traffic where somebody would notice bad HTML (e.g. homepages) are hosted on GeoCities/Angelfire/whatever which already have MIME types set up right.
What a ripoff. (Score:5, Funny)
Re:What a ripoff. (Score:5, Funny)
Question for michael... (Score:2, Troll)
Anyway, this is a really good indication on the part of MS...perhaps an indicator of more initiative on these problems in the future. I definitely think that this is the type of thing that they need to continue if they wish to salvage their reputation at all...
Re:Question for michael... (Score:5, Interesting)
IE is the best browser out there. Check ANY review. And MS has jumped to fix a bug that everyone found (notice the GAPING HOLE in Solaris/AIX [slashdot.org] systems that still isn't patched? Why aren't you going off on that?)
Remember when you had to purchase Netscape, but IE was free?
Mozilla MAY -become- better, but it isn't, yet. If you give me that "IE doesn't run in Linux" then why are you even posting to this article?
You guys need to be less Open Source/Anti-Microsoft Zealotous.
I'd post anonymously to preserve karma, but the authors already know my IP (see sig).
Re:Question for michael... (Score:3, Informative)
Besides, anyone not using ssh rather than telnet and rlogin is not very worried about security anyway.
Re:Question for michael... (Score:2, Insightful)
Well?
Re:Question for michael... (Score:2, Interesting)
And if I was to create a browser virus, I'd target the most used browser, and the browser that the "clueless-mother-type" users use.
That isn't an insult to IE, but for computer/internet learners, IE is the browser they learn on.
If linux was the biggest OS and Mozilla the largest browser, I think you'd find more Virii in linux and mozilla.
Target the many, target the weak (users). That's what virus writers do.
Re:Question for michael... (Score:2, Redundant)
Remember when you had to purchase Netscape, but IE was free?
No, I was a student back then. How is this relevant anyway? (Remember when IE TOTALLY SUCKED?) So MS had deeper pockets than Netscape. So what? How much do you have to pay for mozilla?
Mozilla MAY -become- better, but it isn't, yet.
For me it is. For everyone else, who cares?
The bias on /. is VERY old news.
What about using Opera? (Score:2, Informative)
No brainer... (Score:3, Insightful)
The BEST is all in how you measure it, non?
Although realisitcally this isn't so much a flaw in IE, rather it is a flaw in the tight integration of IE and windows. How many of the major Microsoft security problems it the last couple of years can be directly tied to the integrations between the operating system and the applications? Frankly I can't think of many that aren't directly attributable to that.
It all boils down to the usual sacrifice of security for convenience. A computer in a 6 foot thick block of concrete at the bottom of the ocean is very secure and nearly unusable. Microsoft has chosen to focus more on convenience and their security must pay the corresponding price.
Remember when Netscape was on top (Score:2, Insightful)
It's no different with IE now. It's possible that Mozilla really is less flawed than IE, but I guar-an-tee that if it had 85% of the market, we'd be hearing about security problems all the time. I'm not a MS apologist, I just want to shed some light.
Re:Question for michael... (Score:5, Insightful)
Care to back this up? Have you used the alternatives? In case you missed it, here is what Moz has that is lacking in IE:
Those are just some of the highlights of why mozilla is the better browser and quite frankly, blows away IE, even as prerelease software
Re:Question for michael... (Score:2)
How do you know Mozilla is rendering it improperly and IE isn't?
There's this thing called using your brain and reading the spec. How do you think something gets made compliant in the first place?
Re:Question for michael... (Score:2)
I actually really do like mozilla more than IE now. Mozilla basically supports everything IE does, now, and has some extra nice features like tabs.
I agree with you about the anti-microsoft stuff. I hate microsoft too, but I think it's just wishful thinking on the part of slashdot kids that Microsoft software is automatically insecure and Linux/UNIX is automatically secure. I recall many recent high-profile vulnerabilities in linux software, for instance, and to get rooted through those I didn't need to browse to some hacker's site -- just sit back and let them do all the work.
Personally, I think as MS moves to
IE the Best? (Score:2, Informative)
For years I used Netscape and loved it, up through about 4.0 (4.5-7 are bad, bad, bad). I even used 4.7 for a long time, before finally deciding that I just couldn't live with the shitty rendering, slow reaction time, and general bugginess. So I tried IE, just to see how bad it was.
And it was amazingly fast, clean, and surprisingly not crashy, considering it was Microsoft's. Slowly, I started to accept that IE was the best browser out there. And I used IE, and netscape actually disappeared from my computer.
Sure, I tried Mozilla, and Netscape 6.0 and 6.1. Quite honestly, they're crap. They're slow, not particularly stable, and ugly. But mostly they're just slow, fucking slow. It's not just loading the program, it's also in large part that I open a page and Mozilla takes about three times as long to render as IE.
But when I read that security page the other day, I found a new program to try. So I tried it: Opera. I last used Opera on a mac a couple of years ago, when it was small, shitty, buggy, and lacking features, like security. So I wasn't really expecting anything.
Opera is fucking brilliant. It's fast--it's actually faster both to load and to render pages than IE. It gets rid of a lot of the useless shit that IE throws up--like dialogs to go from secure to insecure. It has security, it has a full feature set (at least, all the stuff I use, like plugins and java and working pages). It lets me use the keyboard more than IE.
And the best part: it lets me block out pop-up windows. You have no idea how amazing a feeling it is to go to a site that throws pop-ups at me like mad and watch them, well, not load. No idea until you try it. It even pretends to be IE for pages that require IE.
I have had one page fail to load correctly--a credit card account page. But considering it loads wrong half the time in IE, it's not too bad. Still, I'm keeping IE around (and patched it) in case I find something glaringly wrong with Opera, but until that time, I'm happy with this.
Oh, did I mention it sits in _half_ the memory footprint of IE, and about a third of Mozilla?
Check it out. Opera [opera.com]. It's not Open Source, but then again, if we're talking about IE, we're talking about windows, so...
Jeff
Re:IE the Best? (Score:2)
Now.. which chrome is ugly? Calling a completely skinnable browser ugly doesn't make sense.. sorry.
And, Mozilla reports less crashes than netscape 4.x ever had - so they are actually an improvement above Netscape even when you used it.
As far as speed, I'm not sure what you are doing wrong but it is very quick. I use Mozilla extensively and exclusively and it is exceptionally fast. As far as your memory foot print comment, you realize you can't accurately guage IE's memory foot print? It's threaded into the shell, too.
Mozilla still has a way to go, but anyone who thinks it's slow, ugly, and unstable obviously hasn't used it recently. Or ever, feel free to prove me wrong - but it runs as fast (faster than IE on another box of the same specs) as I could want it to.
MS Craziness (Score:5, Funny)
Just when I thought that I knew the difference between a Service Pack, Security Rollup Patch and a cumulative Hot Fix they go and release a Security Bulletin like this one.
Re:MS Craziness (Score:5, Funny)
Service Packs are the small, 6-8oz cups with the foil tops. They usually contain yogurt or pudding.
Rollup Patches are dried fruit puree attached to thin plastic wrap. You tear the fruit substance off the plastic before eating.
Hot Fixes are the things you remove from the plastic bag and put in the microwave. They usually consist of some sort of bread substance with a meaty and/or cheesy filling.
Hope that clears things up.
All in one patch is 1/2 the solution (Score:5, Insightful)
For those of us with less than a few hundred MS clients (read: fewer clients that would make usefull something as heinous as SMS push upgrades) the issues are still very clear:
1). It takes too much time to keep up on MS software patches.
AND
2). Once you know what you need you still have to go box to box to box to patch (in *most* cases).
Granted the 'uber-patch' will help, but it still means I need a couple more inters to walk from machine to machine and interrupt users. IMO, patch managment tools should be MS's #2 priority (right behind 'getting it right the first time').
Cheers,
-- RLJ
Re:All in one patch is 1/2 the solution (Score:5, Interesting)
Been there, done that (Score:2, Informative)
The patch that blew up this approach for us was MS01-50. It had two critical patches to apply at the same time, and the system tried to apply both at once, when you needed a reboot for each. Guess who was "volunteered" to re-patch the machines.
*sigh* It's Friday afternoon. Time to go home. No more f*cking patches to do.
Re:Been there, done that (Score:5, Funny)
Not so fast, buster. First we need you to change the toner cartridge on the LJ4 up on third floor.
hup-hup to it, now, IT boy. The girls in the secretary pool don't call you 'sysadmin' (while smirking) for nothing.
Re:All in one patch is 1/2 the solution (Score:2)
I have been pining to get VNC (or just about any remote desktop app) on the clients for some time. My one concern here is that I don't know much about VNC's security implications. I think I'll do some reading...
Cheers,
-- RLJ
Offtopic - I find it interesting that the flames are by anon cowards and do not contain supporting materials. Hmmmm ... :-)
Re:All in one patch is 1/2 the solution (Score:2, Informative)
Walk to individual machines. Hah, that's so 80s.
Re:All in one patch is 1/2 the solution (Score:2, Insightful)
Oh yeah just my opinion I could very well be wrong.
Re:All in one patch is 1/2 the solution (Score:2)
If you want to prioritize who gets patched first, you can send the patch as an email to everyone and warm them not to run it. The ones you need to worry most about will be the first patched...
For IE 5.5 users (Score:4, Informative)
It seems unlikely that the SP2 for 5.5 includes this as of right now, although it will eventually (I know sometimes I'll download an SP and take a few days to actually install it). Check your versions before you plunge your box into browser hell =)
Re:For IE 5.5 users (Score:2)
Download URLs (Score:5, Informative)
for IE6:
http://download.microsoft.com/download/IE60/secpa
for IE5.5:
http://download.microsoft.com/download/ie55sp2/se
These updates have not yet appeared on Windows Update [microsoft.com].
Re:Download URLs - Must Have 5.5 SP2 (Score:4, Informative)
http://download.microsoft.com/download/ie55sp2/
Note, that is for IE 5.5 SP2 if you have SP1, or plain vanilla 5.5, you will first have to upgrade, so you may want to wait till a full release with the patches is available. SP2 is 17MB download.
Anyone know what the equivalent version is if you have the AOL version of IE? (not that I do) but you can imagine AOL will be slowed to a crawl if every single user must get an upgrade first to SP2 or IE6, then get this patch. When - oh - when will AOL finally become browser neutral or go entirely to Netscape/Mozilla?
Re:Download URLs - Must Have 5.5 SP2 (Score:2)
Re:Download URLs - Must Have 5.5 SP2 (Score:2)
Shrug
Re:Download URLs (Score:3, Interesting)
Check windowsupdate.
or.
Go to this huge MS address. Then go here, or here. Then download and run this.
Re:Download URLs (Score:2, Informative)
Windowsupdate quite annoying! (Score:3, Insightful)
1. Start IE (click through internet connection wizard)
2. Open the windows update website
3. Download an activeX application to determine what updates I need
4. Download and install the updates (often, more than 5!) one at a time, rebooting in between each one!
It's so much easier to swivel my chair around to my redhat box and do a simple 'up2date -i'.
I wonder if there's any particular reason why Microsoft makes it so difficult? Do they actually like their security holes?
Re:Windowsupdate quite annoying! (Score:3, Interesting)
Its because of the way windows works. It wo't let you overwrite a .exe or .dll that is in use, and since IE is so tied into the OS itself, most of the IE components are in use all the time. Therefore you have to reboot in otder for the update to take effect. When rebooted, it copies the file sover while in protected mode, before IE loads.
Comment removed (Score:5, Interesting)
Re:Windowsupdate quite annoying! (Score:2, Insightful)
In a word, yes.
If you think this is a troll, take this little test...
You have just found out that Your Favorite Operating System, which you run on Your Computer, has a vulnerability which you consider important enough to do something about.
Do you:
Locate and apply the appropriate patches for Your Favorite Operating System, and make whatever other changes are necessary to mitigate the situation.
Learn more about Your Favorite Operating System so that you'll be even better able to assess these threats and prevent vulnerabilities in the future.
Lose interest, and just continue running Your Favorite Operating System, vulnerabilities and all, and go back to reading Slashdot, surfing the web, etc.
Get fed-up, say "This is the last straw!" and abandon Your Favorite Operating System, replacing it (and all of the applications, data files, and procedures which depend upon it) with Some Other Operating System which you may have heard about.
We can all see ourselves or think of others who would react in any (or perhaps all) of the first three ways, all ow which favor the incumbent. I can't think of anyone who would respond similarly to the last, which is the only one which would topple the status quo. With the exception of a few individuals who are charged with setting the strategic computing direction for large organizations, (that is, in a position to dictate what other people will run on their computers) security holes tend to reinforce the market position of the incumbent. And the harder it is to fix, the more time your customers spend with your product (increasing your mindshare) and the less likely it is that the hole will be patched, meaning you'll have another chance in the future to grab their attention again...
So, if you're charged with selecting a strategy to promote your operating system, your obvious tactics are:
Focus your energies on those few people who set the computing direction for major corporations.
(IFF you are the incumbent) Don't worry about security, because as long as you have a majority share of the market any security hole will only increase your mindshare. And mindshare is what it's all about.
Want to know how to apply this to Free Software, Open Source, and Linux?
Code, if you can. (and can do it well)
Document, if you can. (and can do it well)
Report bugs, if you can. (and can do it well)
But most importantly, Use it.
By just using the software, you create a habitat for the evolution of the software. If something works well, praise it. If something sucks, say so. The habitat for evolution is the key to success for both proprietary and free software. The key advantage that free software has over proprietary software lies in:
the ability to try to be all things to all people. Most of these will fail, but the ones that don't will be spot on.
the knowledge that no one is going to get fired or lose their job for producing something that no one wants. That's an incredibly liberating feeling for a software designer.
If Microsoft appears to be getting stronger, it's only because they're retreating back onto their own territory.
What they didn't tell you.. (Score:2)
More like Deja Patch... (Score:2, Funny)
Re:More like Deja Patch... (Score:2)
I know they have one in SpoCompton (aka Spo-Angeles aka Spokane).
Since I bet there are a large number of
This has to be chipping away at confidence.... (Score:3, Interesting)
I think consumers can weather something like, "Apply this patch in order to ensure that your copy of internet explorer appropriately identifies content header types and reconciles them with dialogue saving and automated execution routines." because it just looks so *foreign*. Approached from a non-computing background, it looks like something very small and unlikely to affect anyone. This patch, though, looks a bit more like "Oops. Our browser sucks for security. Install immediately."
Hopefully this will draw peoples attention to:
1) The importance of frequent patching
2) The lack of security in MSIE
3) The problems associated with bundling a browser into core OS functionality (bit more unlikely).
Of course, the spin is still there, but:
Who should read this bulletin: Customers using Microsoft® Internet Explorer.
Impact of vulnerability: Run code of attacker's choice.
Maximum Severity Rating: Critical
Recommendation: Customers using IE should install the patch immediately.
Affected Software:
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
...is still pretty cut & dry. Anyone with even half a brain should realize that if a gaping hole in a consumer product existed through *2* releases (like having a 2000 and a 2001 Honda both explode in flames under appropriate conditions), that product may not be the best built out there.
Right?
Of course, I'd be much more pleased if people were being notified via a big ol' link on msn.com, and through a mail from the beloved "Hotmail Staff". What, are they scared of leveraging a monopoly to insure the security of their users?
-l
Only 5.5 and 6.0? (Score:5, Interesting)
I had two users today get the Nimda.E variant via email. It had an interesting header that was included from an html formated email's iframe . . .
I'll leave out the actual format of the email's html. But what happened was Windows tried to run sample.exe right after previewing. No popup box, no nothing. And this was using Outlook Express 5.0 It was a good thing that the virus software saw the executable as a Nimda. If they had sent a format.exe that would have been it for the two user's data.
Microsoft said that only 6.0 was affected?
Or is this something different than what they have supposedly patched?
Re:Only 5.5 and 6.0? (Score:2)
No, they said they were only supplying a patch for 6.0 and 5.5SP2. Everyone else has to upgrade before they can apply the patch.
scariest thing on that page (Score:2, Insightful)
Uninstall is not available
Re:scariest thing on that page (Score:2, Informative)
Off Timing (Score:2, Informative)
A cheer for code you can verify yourself before you trust it to secure your computer for you.
It's not just IE - other apps need this! (Score:5, Informative)
Re:It's not just IE - other apps need this! (Score:3, Informative)
Fast Patching. (Score:4, Funny)
er....
Never mind.
--saint
Slashdot Inconstancies (Score:5, Informative)
Yesterday you bashed MS for not going public about anything, and now you bash them for patching the program. Short of open sourcing everything, is there anything they could do that would appease this croud?
They might not get it right on the first try, but they do fix their bugs, and i think this was fairly timely, especially given the size / scope of IE.
Re:Slashdot Inconstancies (Score:5, Insightful)
I think you hit the nail on the head. The answer is "no." The fact remains that this community has seen M$ do some nasty things, and now they've formed their opinion (and that's just fine). Regardless if M$ does something right, it really doesn't matter. Imagine if one day at school, the bully that usually pounds your ass into the ground held the door open for you ... you probably
wouldn't buy it for a second. Or maybe if Barry Manilow actually put out a mildly
good song ... would you admit to liking it? I wouldn't :P
Re:Slashdot Inconstancies (Score:2, Insightful)
I'd wonder what the hell he was up to and look for another door!
Gee... you hit on a pretty good analogy there.
Sensationalism courtesy of /. (Score:5, Insightful)
Warning: mild flamebait.
Remember Michael's over-the-top misinformed rant about this 3 days ago [slashdot.org]?
I'm surprised he posted this fix, kinda points out how far off base /. was
a short 3 days ago. Hey, I'm no M$ fan and I kinda expect some opinion on /.
posts ... but there comes a point when it turns into yellow journalism and becomes childish M$ name calling.
Re:Sensationalism courtesy of /. (Score:2, Insightful)
What's the problem?
More sensationalism courtesy of fumble (you dropped the ball).
This qualifies more as "troll" than "flamebait" (Score:4, Informative)
Flamebait is typically written to elicit strong emotional response and name-calling from the target audience... this falls under the "troll" category which gives a more subtle feeling of disturbance, saying something usually inaccurate or incorrect in a seemingly reasonable manner to generate lots of "discussion". Let's go point-by-point:
Seeing as michael's story was neither misinformation nor an over-the-top rant (read the story), this plays on the popular opinion that slashdot gets a lot of stuff wrong all the time, as well as our obvious anti-Microsoft bias, to pretend that it was in fact an over-the-top misinformed rant.
Did they provide information about when a patch was available? At the time, they did not, so this is hardly misinformation. Whether they release a patch today or three months from now, "no information" is still "no information".
Correct me if I'm wrong, but I believe "M$" is childish name calling. "If it agrees with me, it's opinion, otherwise it's bias": This just about sums it up. There is nothing wrong with bias; there is no way to avoid it, claiming something is unbiased is a great indication that something is trying to be intentionally misleading. I read slashdot because the bias mostly agrees with my own. Perhaps your time would be better spent looking for a more agreeable forum, instead of trolling on this one.
Re:M$ is a string variable (Score:2)
I stand corrected. :-)
Great (Score:4, Funny)
I turned off Active Scripting to be secure (Score:4, Informative)
By doing so, I can't get to Hotmail, can't sign in to Passport, and most importantly, can't access Windows Update.
Hey, anyone astroturfing for Microsoft! Your own security recommendation means people can't access your sites. I am NOT turning on active scripting(i.e. disabling a security measure) so I can get the fix.
You guys need to make your site work without Javascript. Sheesh. How can anyone take you seriously?
Re:I turned off Active Scripting to be secure (Score:3, Funny)
Seems pretty professional to me. Some of the finest porn sites do that.
Does anyone else feel immoral? (Score:4, Insightful)
By this logic, which I feel is a common path for businesses to take, using Internet Explorer and letting webmasters know that you do will harm our freedom to choose our client software in the future.
I don't understand why no one else has come forward and stated that they feel this way. For this reason, I refuse to use the software except in situations where it's seriously inconvenient to do otherwise.
I don't mean to be alarmist. If the web is only accessible from IE, a project will be started to supply a proxy for other browsers which interprets the data from the web server and converts it to nice, standardized HTML. This could get kludgy, and is the worst case scenario I see.
Don't be immoral (Score:2, Interesting)
For all the reasons that you state, I:
Re:Does anyone else feel immoral? (Score:5, Funny)
Does anyone else feel immoral browsing the web with an Internet Explorer USER_AGENT?
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Cu rr entVersion\Internet Settings]
"User Agent"="Mozilla/Church Lady 3.01"
Would that make you morally superior?
I just installed it (Score:2, Funny)
Hmm.. (Score:2)
If it's just not in Windows Update, shame on MS. That is the only place I go for updates. I don't waste my time wading through all of the other crap on MS's website.
/me strokes debian woody..
all "known" vulnerabilities (Score:4, Interesting)
Since Microsoft anounced it's policy of attempting to keep the lid on the security holes that exist within it's software, I would assume that 'known' means ones that they are willing to reveal to us.
So the word 'all' preceeding 'known' has no meaning since Microsoft itself admits to witholding the true extent of the damage its software can do to your system through security holes.
I consider this another decietful marketing attempt to make consumers feel safe about their products despite their worse than poor track record. They may not be outright lying, but there planting the seeds for others to do it for them. How many sysadmins will now send out an email saying that "IE will be free from all security bugs by installing this patch"? Of course that is a lie.
Can't turn off search-from-toolbar?? (Score:4, Informative)
What happened? That bloody search-from-the-address-bar thingy had turned itself on. Oh well, I say, just go to Options -> Advanced -> Do Not Search From The Address Bar. I do this, type in "asdfa sdfsdfsa dfwer" (note the spaces) and POW: search-from-the-address-bar turns itself back on.
Much the same thing happens if you change the option and then restart IE.
WTF?
Won't even install! (Score:4, Interesting)
Tried installing the 6.0 UberPatch on 2 separate boxes now, both running W2kPro sp2 with IE 6.0 installed with VS.NET beta2.
(IE v. 6.00.2462.0000 to be exact)
The installation quits with an error telling me I must have IE 6.0 to install.
Also seen as mentioned above similar effect on 5.x versions other than 5.5 with that version install.
Leaves me not exactly feeling warm and fuzzy about whether the actual patch will really patch the holes it's supposed to or not!
Re:Won't even install! (Score:3, Informative)
2462 is not the final release build of IE 6. I think that's IE 6 beta 2, or maybe the "public preview" that went out before XP shipped.
The shipping version of IE 6 is 6.0.2600.0. If you go to Windows Update [microsoft.com] you should be able to install it, and then after you do that install the patch.
IE Vulnerability Page (Score:2, Informative)
Re:Hmm... (Score:2, Funny)
That's easy !
$ wine iexplore.exe
err:win32:PE_fixup_imports No implementation for SHLWAPI.dll.249(StrRetToStrW) imported from C:\windows\system\shdocvw.dll, setting to 0xdeadbeef
wine: Unhandled exception, starting debugger...
ah, well. "apt-get install mozilla" , then I guess...
Re:Attribution where attribution is due, please... (Score:2)
Re:Attribution where attribution is due, please... (Score:2)
Re:Untill the next one is found next week (Score:4, Funny)
Re:Untill the next one is found next week (Score:3, Insightful)
Just like any large software project, including the Linux kernel, KDE, Mozilla, you name it.
Re:not too bright (Score:5, Informative)
The update only works with IE 5.5 or 6.0. You might be running 5.0.
Interesting note: If you read the bulletin [microsoft.com] and click on the Technical Details submenu, you'll find the worst part:
As someone who does some sysadmin stuff at work, I didn't know this before. This means that a large majority of users (as far as my limited experience goes) that still use IE 5.0 will still have exploit available that won't be tested nor fixed. Wow...
Win2K still ships with IE 5.0, right? (Score:2)
Of course, I don't use IE.
Re:not too bright (Score:5, Insightful)
If you have not already upgraded to these versions then you are (and have been ) vunerable to numerous PAST holes. So if you haven't bothered to upgrade by now, why do you care about patching all of a sudden?
Please mod me up to 5 now thank you.
Re:not too bright (Score:2)
Re:Protecting customers (Score:4, Funny)
Re:who cares? (Score:2)
Re:who cares? (Score:3, Insightful)
CT has mentioned it in the past. Granted, a smaller percentage use IE here than, say, www.yahoo.com, but it is still a significant (and if I remember, majority) browser.
Remember, lots of us are on here from work where we have no choice (I actually have the choice of Mozilla/Netscape, but am too lazy to install it, as IE 5.5 seems okay)
Re:Happy Friday (Score:3, Funny)
Step 2: load onto test box. Start tests.
Step 3: Works great. Create SMS package.
Step 4: Schedule SMS to install the package Saturday at, oh, say three PM.
Step 5: Send out yet another email reminding users that if they don't leave their computers on over the weekend, the full virus scan, software updates and disk defrag that would have run, will infact run on Monday when they come in, and it will NOT be stopped, and their managers know this, even if they don't.
Step 6: Profit!