×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Microsoft Issues Advisory For Internet Explorer Vulnerability

samzenpus posted about 7 months ago | from the watch-out dept.

Security 152

jones_supa (887896) writes "Neowin reports how Microsoft made a rare weekend post on its Security Response Center blog to announce an advisory that affects all currently supported versions of Internet Explorer (versions 6 to 11). The issue is based on a newly discovered exploit that could be used against the web browser. The vulnerability exists in the way that IE accesses an object in memory that has been deleted or has not been properly allocated. Memory may be corrupted in a way that could allow an attacker to execute arbitrary code in the context of the current user. Microsoft is aware of 'limited, targeted attacks' that have used the exploit. IE 10 and 11 are protected against attacks using this exploit if they have their Enhanced Protected Mode turned on. Also, PCs that have either the Enhanced Mitigation Experience Toolkit 4.1 or the EMET 5.0 Technical Preview installed are also secured against this security hole. Microsoft will take the appropriate action to protect its customers by delivering a security update."

Sorry! There are no comments related to the filter you selected.

Windows XP (5, Interesting)

Jagungal (36053) | about 7 months ago | (#46854609)

I wonder if this is going to be one of the first big exploits that will affect Windows XP and leave the masses of users still using it vulnerable.

Re:Windows XP (2)

yuhong (1378501) | about 7 months ago | (#46854611)

What is funny is that the current exploits do not target XP.

Re:Windows XP (1)

turkeydance (1266624) | about 7 months ago | (#46854691)

amazing. xp might be overlooked with by malware.

Re:Windows XP (1)

SumDog (466607) | about 7 months ago | (#46854697)

It's the new OS/2

Re:Windows XP (1)

slowdeath (2836529) | about 7 months ago | (#46854765)

Probably Microsoft did not list XP because it is "no longer supported..." Some of the IE versions listed certainly do run on XP.

Re:Windows XP (1)

Neo-Rio-101 (700494) | about 7 months ago | (#46855037)

They'd be absolutely stupid to not capitalize on this and push people to the poker-machine-look-a-like Windows 8

Re:Windows XP (1)

SpaceLifeForm (228190) | about 7 months ago | (#46854897)

Funny by happenstance? Or Funny by design?

Perhaps this is a ploy to drive sales of the garbage known as windows 8.

Re:Windows XP (1)

yuhong (1378501) | about 7 months ago | (#46855161)

I mean in the sense that people have been predicting the rise of WinXP exploits after it ended support. And the April 2014 date comes from 2 years of mainstream support after Vista was released plus 5 years of extended support afterwards BTW.

Re:Windows XP (2)

denbesten (63853) | about 7 months ago | (#46855085)

> What is funny is that the current exploits do not target XP.

More likely is that Microsoft is no longer testing/reporting on XP, so we do not know if it is vulnerable or targeted. Given that the vulnerability is with the browser, it seems likely that XP would be vulnerable. The significant difference being that the forthcoming MS hot-fix that may or may not install on XP and definitely will not apply via automatic updates.

Re:Windows XP (0)

Anonymous Coward | about 7 months ago | (#46854687)

Probably not because it affects ALL versions of IE, so a platform-independent patching effort is necessary anyway - they could be dicks and block it for XP I guess...

Re:Windows XP (1)

Culture20 (968837) | about 7 months ago | (#46855203)

That's the thing: XP no longer receives security patches. It's reached EOL.

Re:Windows XP (0)

Anonymous Coward | about 7 months ago | (#46855255)

That doesn't mean there won't be one that works on versions of IE installed on XP. It means you won't get it from "windows update" perhaps.

Re:Windows XP (1)

NJRoadfan (1254248) | about 7 months ago | (#46856377)

Its very likely a patch will be made for Windows Embedded POSReady 2009. We'll see what pops up on Windows Update next month. Since its basically XP SP3, its likely someone will "crossport" the patch to retail XP.

Re:Windows XP (1)

suss (158993) | about 7 months ago | (#46854877)

Meanwhile, people will be wondering if this vulnerability has been known for at least a month, possibly much longer, because those Windows 8 licenses haven't been selling as well as expected...

Re:Windows XP (2)

Skuld-Chan (302449) | about 7 months ago | (#46855353)

XP users will still get patches for individual products like Office and IE.

Re:Windows XP (1)

SpaceLifeForm (228190) | about 7 months ago | (#46855747)

But his Billness said that IE is part of the OS!

Re:Windows XP (1)

Bing Tsher E (943915) | about 7 months ago | (#46856305)

That was back with Windows 98. Explorer.exe was integrated with IE back then. They ended that because your browser shouldn't crash your whole desktop.

Get with the times.

Re:Windows XP (0)

Anonymous Coward | about 7 months ago | (#46855611)

First? They only need one.

Re:Windows XP (0)

Anonymous Coward | about 7 months ago | (#46855613)

Very F#cking suspicious coming from them now.. This is why we can't trust ANYONE.

Re:Windows XP (-1, Troll)

LordLimecat (1103839) | about 7 months ago | (#46855759)

Not sure why this is "interesting": why no comments on CVE-2013-2094 (Local Privilege Escalation Vulnerability) [securityfocus.com] which affects the most recent release of the Linux 2.4.37 kernel, and hasnt been patched for users on that kernel for a year now?

I mean after all, both XP and Linux 2.4 are about 12 years old.

Re:Windows XP (-1)

Anonymous Coward | about 7 months ago | (#46856183)

Fuckwit.

Re:Windows XP (1, Insightful)

Kalriath (849904) | about 7 months ago | (#46856311)

Not really, it's just as relevant. XP is 12 years old, hasn't been on sale for about 5 years, and is no longer supported. There are multiple upgrade paths including Windows 7, Windows 8, OS X (well, if you buy a Mac) and even Linux. If the Linux Kernel team isn't expected to continue patching the 2.4 kernel, why should Microsoft be expected to keep patching XP?

In other news ... (-1, Troll)

Anonymous Coward | about 7 months ago | (#46854659)

... people still use Internet Explorer.

Re:In other news ... (4, Funny)

Anonymous Coward | about 7 months ago | (#46854689)

How else are you supposed to download Chrome or Firefox on Windows?

Re:In other news ... (2)

TechyImmigrant (175943) | about 7 months ago | (#46854759)

>How else are you supposed to download Chrome or Firefox on Windows?

wget.

Oh no. That's Linux.

How is wget practical for most? (1)

tepples (727027) | about 7 months ago | (#46855283)

On several GNU/Linux distributions, Firefox and Chromium are available through the built-in app store. (Or should I say "APT store"?) But let's assume for a moment that Wget.exe for Windows is installed to a folder on the %Path%.

C:\Users\pino>wget
wget: missing URL
Usage: wget [OPTION]... [URL]...

Try `wget --help' for more options.

How is the median user (not an outlier technophile like much of the Slashdot population) expected to parse out a download URL from the result of wget http://getfirefox.com/ [getfirefox.com] or wget http://mozilla.org/ [mozilla.org] without using IE?

Re:How is wget practical for most? (2)

unrtst (777550) | about 7 months ago | (#46855503)

This whole line of thought is broken by bad assumptions. You ask:

How is the median user (not an outlier technophile like much of the Slashdot population) expected to parse out a download URL from the result of wget http://getfirefox.com/ [getfirefox.com] [getfirefox.com] or wget http://mozilla.org/ [mozilla.org] [mozilla.org] without using IE?

If you didn't include those URL's, you'd be closer to having a point. However, you did include them. Where'd they get those? They can get the download URL from the same place (maybe it was a friend, or an email, or an IM, or off a magazine ad... I have no idea).

You also added in the condition that it be for a median user, which the AC that TechyImmigrant was replying to did not include.

For a median user, they'll probably keep using whatever was installed when they bought their system, or maybe something someone else installed for them.
Slight above that, it depends on their OS. If on Windows, they'll probably use IE, search bing for Firefox or Chrome, and click around (duh).
That still doesn't apply to the question... how else are you supposed to download ?

That's a great question. You can't even use a naive "telnet getfirefox.com 80"... that'll just get you a 403 forbidden! If you include the "Host: getfirefox.com", then it'll give you a redirect to https://www.mozilla.org/firefo... [mozilla.org]
NOTE: that's https... if you try to go to the non-ssl version, it just redirects to the HTTPS again. So you can't get that without something like "openssl s_client -connect www.mozilla.org:443", and I don't think you'll find that on windows.

ftp works with a little digging through ftp.mozilla.org (assuming you know that url). Finding the binary is pretty easy. One needs to know some basics, but it's one of the easiest protocols out there. Ok for a median user? probably not. But it IS an option.

You could also have someone email it to you (if you can get files that big), or send you a CD or thumb drive with it (ex. your kind sysadmin at work might do this for you if you ask nice just to get rid of another IE 6 user). This technique worked for newbs back in the day (aol cd's and floppies anyone?), so why not now?

Re:In other news ... (0)

Anonymous Coward | about 7 months ago | (#46855383)

wget.

Oh no. That's Linux.

C:\>wget
wget: missing URL
Usage: wget [OPTION]... [URL]...
 
Try `wget --help' for more options.
 
C:\>

Re:In other news ... (1)

LordLimecat (1103839) | about 7 months ago | (#46855773)

You can always use FTP, though its pretty miserable.

Re:In other news ... (1)

Culture20 (968837) | about 7 months ago | (#46855877)

Powershell can download via http. So can vbscripts.

Re:In other news ... (4, Informative)

Anonymous Coward | about 7 months ago | (#46854813)

Maybe

ftp.exe -A ftp.mozilla.org
cd /pub/mozilla.org/firefox/releases/latest/
ls ...
binary
get ...

How do you find the FTP hostname and path? (1)

tepples (727027) | about 7 months ago | (#46855263)

That would work for someone dead-set on avoiding loading IE at all costs. But in practice, I imagine that most people aren't going to discover the hostname "ftp.mozilla.org" or the path string "/pub/mozilla.org/firefox/releases/latest/" very easily, especially without using either IE or another computer.

Re:How do you find the FTP hostname and path? (0)

Anonymous Coward | about 7 months ago | (#46855761)

Doesn't need to discover the path, can just navigate to it from the root. Try it.

And well, if one want to install the Mozilla Firefox browser downloaded using ftp isn't rocket science to figure the hostname out...

Re:How do you find the FTP hostname and path? (0)

Anonymous Coward | about 7 months ago | (#46855951)

Except that trying to download the latest version from their ftp server gives me a 550 error and the banner tells me to use ftp://releases.mozilla.org. The problem with that is releases.mozilla.org filters syn packets to port 21 and, hence, I cannot use ftp with them at all.

Re:In other news ... (0)

Anonymous Coward | about 7 months ago | (#46854695)

Uh... yeah... People use banks, pay their mortgages, file insurance claims, and occasionally use work intranet sites.
If those things were updated, IE marketshare would probably plummet.

I still *need* to keep a Wine bottle with IE simply so that I can pay my mortgage, and that is even though I also have a Windows 7 laptop since the webpage just doesn't work under anything newer thanks to some badly written ActiveX.

You should get a better mortgage company (0)

Anonymous Coward | about 7 months ago | (#46854777)

Why do you support people who do that?

Re:You should get a better mortgage company (0)

gmhowell (26755) | about 7 months ago | (#46855029)

Why do you support people who do that?

You can't always choose who your mortgage gets sold to.

Re:You should get a better mortgage company (1)

tepples (727027) | about 7 months ago | (#46855293)

What prevents you from refinancing? Does refinancing cost substantially more than a copy of Windows 8.1 to run in a virtual machine?

Re: You should get a better mortgage company (0)

Anonymous Coward | about 7 months ago | (#46855983)

Yes! Yes it does

Re:You should get a better mortgage company (1)

Ol Olsoc (1175323) | about 7 months ago | (#46855995)

Why do you support people who do that?

You can't always choose who your mortgage gets sold to.

Automatic deduct?

Be glad it's not Open Source (4, Funny)

Teun (17872) | about 7 months ago | (#46854683)

Be glad it's solid commercial software developers were paid for.

The exploit requires Flash (1)

SpaceLifeForm (228190) | about 7 months ago | (#46855777)

Link [fireeye.com]

I suspect this exploit has existed for many years now, probably used by NSA too.

To paraphrase Ballmer... (1)

msobkow (48369) | about 7 months ago | (#46854685)

To paraphrase Ballmer...

"Linux, Linux, Linux!"

IE6 (1)

SumDog (466607) | about 7 months ago | (#46854701)

Wait...IE6 is still supported? WTF?!

Re:IE6 (0)

cmdrbuzz (681767) | about 7 months ago | (#46854781)

Yes, technically under Windows 2003 (Server) IE6 is "supported". Still sucks as a browser though.

Re:IE6 (1)

Billly Gates (198444) | about 7 months ago | (#46854843)

Re:IE6 (0)

Anonymous Coward | about 7 months ago | (#46854881)

IE 8 no longer is supported either

Sigh, learn to read, starting with the webpage you linked to.

IE8 on XP is no longer supported.

IE8 on other supported operating systems IS supported.

Re:IE6 (1)

Billly Gates (198444) | about 7 months ago | (#46854923)

This was from a Windows 7 system

Re:IE6 (0)

Anonymous Coward | about 7 months ago | (#46854931)

IE 8 no longer is supported either

Sigh, learn to read, starting with the webpage you linked to.

IE8 on XP is no longer supported.

IE8 on other supported operating systems IS supported.

Let's see from the website ...

"*As of April 8, 2014, technical assistance for Internet Explorer 8 is no longer available, including security patches that help protect your PC.

If you continue to use Internet Explorer 8 after support ends, your computer will still work but it might become more vulnerable to security risks. If you connect your PC to the Internet and use Internet Explorer 8 to surf the web after support ends, you might be exposing your PC to additional threats
"

Maybe my reading comprehension is not as good as yours but I swear I did not see XP anywhere on there?!

Re:IE6 (4, Interesting)

viperidaenz (2515578) | about 7 months ago | (#46855131)

You forgot the fact that only IE6, IE7 are available for Windows 2003 Itanium. That's supported until next year.
Windows Server 2008 Itanium only supports up to IE8, which is supported until 2020.

That page is specific to XP. Click the "learn more" link just after the quoted text you pasted.

Re:IE6 (1)

LordLimecat (1103839) | about 7 months ago | (#46855783)

I dont think its that big a deal: how many viruses are targetting itanium?

Re:IE6 (1)

viperidaenz (2515578) | about 7 months ago | (#46856089)

The point is, IE6, 7 and 8 are still supported despite the claims of parent posts.

Re:IE6 (1)

Bing Tsher E (943915) | about 7 months ago | (#46856329)

In a similar vein, Internet Explorer runs on Solaris, since there once was a version that did.

To paraphrase a very bad politician, "At this point, what difference does it make?"

Re:IE6 (1)

yuhong (1378501) | about 7 months ago | (#46855147)

I believe this is an error.

Re:IE6 (1)

LordLimecat (1103839) | about 7 months ago | (#46855807)

IE8 is supported still:
http://en.wikipedia.org/wiki/I... [wikipedia.org]
You can also check the lifecycle on MS's website, which seems to indicate 10 years (5 standard, 5 extended) support for IE. That jives with what Wikipedia is saying, particularly with IE7 (2006) being in extended support.

Re:IE6 (1)

viperidaenz (2515578) | about 7 months ago | (#46854853)

Until 14/07/2015!

IE7 is around until 14/01/2020 thanks to Windows Server 2008.

Re:IE6 (0)

Anonymous Coward | about 7 months ago | (#46854991)

Nope.

IE 8 and under are no longer supported [microsoft.com]

Re:IE6 (2)

viperidaenz (2515578) | about 7 months ago | (#46855095)

Click the learn more [microsoft.com] link on that page. It's specifically for Windows XP.

If you continue to use Windows XP now that support has ended, your computer will still work but it might become more vulnerable to security risks and viruses. Internet Explorer 8 is also no longer supported, so if your Windows XP PC is connected to the Internet and you use Internet Explorer 8 to surf the web, you might be exposing your PC to additional threats. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter more apps and devices that do not work with Windows XP.

I don't see where it says Windows Server 2008 support is affected.

The security announcement for this exploit specifically mentions all affected supported software, include IE6 on Windows Server 2003 Service Pack 2.
Microsoft can't say "Yes we support the OS at this Service Pack level, exception this specific fundamental component that can not be removed, you need to install a different version of it that doesn't quite work the same."

Re:IE6 (1)

bloodhawk (813939) | about 7 months ago | (#46855021)

Actually no. Even on Windows 2003 it is NOT supported any more. you either need to upgrade to a supported version or be without support for that part of the system.

Re:IE6 (0)

viperidaenz (2515578) | about 7 months ago | (#46855105)

"that part of the system" you mean the entire GUI?
Stop spreading lies.

Re:IE6 (1)

LordLimecat (1103839) | about 7 months ago | (#46855813)

Internet explorer is considered a separate product. Its not "the GUI".

Re:IE6 (0)

viperidaenz (2515578) | about 7 months ago | (#46856099)

The rendering component of IE is used by the shell.
Windows Explorer and Internet Explorer share common components.

Re:IE6 (0)

Anonymous Coward | about 7 months ago | (#46856433)

You do realise retard that Server 2003 ISN'T supported anymore so he really isn't lieing, YOU ARE. you can only get support for 2003 with very expensive custom support contracts.

Re:IE6 (0)

Anonymous Coward | about 7 months ago | (#46855003)

no, it isn't supported, not even on OS's that orginally came with it, however they will probably patch it as a shit ton of orgs still run it.

Re:IE6 (1)

viperidaenz (2515578) | about 7 months ago | (#46855117)

It's supported on the latest supported service pack for all Windows products.
Which means IE6 is supported on Win 2003 SP2 for x86, x64 and Itanium.

Uninstall IE6? (0)

Anonymous Coward | about 7 months ago | (#46854745)

Browsers other than IE are not affected and/or can pe patched.
Can someone remind me how to uninstall IE from Windows?

Re:Uninstall IE6? (1)

gadget junkie (618542) | about 7 months ago | (#46854815)

Browsers other than IE are not affected and/or can pe patched. Can someone remind me how to uninstall IE from Windows?

you cannot, as per testimony by the company in the antitrust investigation. I do wonder how to translate "schmucks" in legalese.

Re:Uninstall IE6? (1, Troll)

X10 (186866) | about 7 months ago | (#46854845)

Of course you can. You uninstall IE6 by uninstalling Windows. Then you install Ubuntu, and you have a choice of Firefox or Chrome.

Re:Uninstall IE6? (0)

Anonymous Coward | about 7 months ago | (#46855183)

Even the most advanced dimwit knows not to install that ubuntu garbage. Get yourself a *real* distro.

What's a real distro? (1)

tepples (727027) | about 7 months ago | (#46855301)

To avoid a "no true Scotsman" fallacy, I'd like to know what definition of "real distro" you plan on using.

Re:Uninstall IE6? (0)

Anonymous Coward | about 7 months ago | (#46855267)

Mod parent up. This worked beautifully for me.

IE (and its holes) are "deeply integrated w the OS (2)

raymorris (2726007) | about 7 months ago | (#46855313)

Also very interesting is WHY it can't removed. According to Microsoft's testimony, IE is "deeply integrated with the OS" and removing it would make the OS not longer work. If it's deeply integrated into the OS and it's full of huge security holes ...

Quite apart from the number of bugs, I'm very glad that Firefox is just a web browser. All it does is display web pages. So Firefox bugs basically just affect web pages. Any problems with Firefox are not problems that go deep into the OS.

Re:IE (and its holes) are "deeply integrated w the (0)

Anonymous Coward | about 7 months ago | (#46855437)

It's not integrated with the NT kernel anymore than Konqueror a browser in KDE is in Linux distros yet does file mgt.(as does IE/Explorer.exe in Window) raymorris. You've claim to be a coder and you don't know that? Are you really just a web page designer claiming that? Sounds it.

Re:IE (and its holes) are "deeply integrated w the (0)

Anonymous Coward | about 7 months ago | (#46855717)

I don't see where raymorris claimed that IE was somehow integrated with the NT kernel. That seems to be the illogical conclusion that you jumped to. The transcripts are available online, experts, maybe even billg himself claimed that IE was so integrated that it could not be removed from Windows. An academic somewhere managed to do it (assemble a version of Windows without IE), but that was not allowed to be shown in court.

Re:IE (and its holes) are "deeply integrated w the (0)

Anonymous Coward | about 7 months ago | (#46856057)

If it's not integrated with the kernel then it's easily detectable (taskmgr.exe or processexplorer.exe) is what. Can't do much damage when you can knock it out easily.

a) Konqueror is not the system shell. b) MS testif (1)

raymorris (2726007) | about 7 months ago | (#46856119)

A) Konqueror is not the system shell. Explorer is.

Still, as I said "I'm glad Firefox is just a web browser ...". Do you see the words Konqueror or KDE in that sentence? I'm comparing IE and Firefox. The fact that Konqueror does something else silly isn't really directly relevant.

B) As I said, Microsoft execs testified that IE is deeply intertwined with the Windows OS. I guess you're not aware that an OS is more than just a kernel, so you think Microsoft was committing perjury when they testified to those facts.

It's amazing how far delusional fanbois will go to defend Microsoft, "they didn't make a big security blunder, they all just systematically perjured themselves for several months". Even if you believe that, is perjury somehow better than screwing up?

Re:a) Konqueror is not the system shell. b) MS tes (0)

Anonymous Coward | about 7 months ago | (#46856181)

So what. If it's not part of ring 0 operation (rootkit driver) it's easily detected + removed by processexplorer (or even taskmgr many times) and can't do damage. Even if it were a rootkit, a bootup from the installation cd using recovery console or Win7's more modern version of it makes mincemeat out of those too (DEL, DISABLE commands). Since you seem such a webboy fanatic (not a programmer by any means), well, seems Open sores people did such a wonderful job of OpenSSL and Apache struts patches recently too eh? Not. The years of lies of "Windows != Secure, and Linux = Secure" around here? A joke. Look at Android (yes, it's Linux) being torn up daily. Once you get a top spot on any hardware platform, you open sores fools now see that you have to eat your words.

IE is easily removed? I guess Microsoft was lying (1)

raymorris (2726007) | about 7 months ago | (#46856263)

> it's easily detected + removed by processexplorer

IE is easily removed? I guess Microsoft was lying.
What you don't seem to get is that IE is the exploitable process, and it's essential to the system. It's a readily exploitable process that can't be removed mainly because if you do remove it, the system stops working.

Re:IE is easily removed? I guess Microsoft was lyi (0)

Anonymous Coward | about 7 months ago | (#46856293)

Any threats running in IE = easily removed using tools I noted or simpler ones (msconfig or Internet Options).

Re:a) Konqueror is not the system shell. b) MS tes (0)

Anonymous Coward | about 7 months ago | (#46856211)

Oh, and you can stop probing and supporting yourself by ac replies too raymorris http://it.slashdot.org/comment... [slashdot.org] since I know that was you for a fact.

Re:a) Konqueror is not the system shell. b) MS tes (0)

Anonymous Coward | about 7 months ago | (#46856271)

Haha, I can tell you for a fact, that post was by me, not an anonymised raymorris. I wasn't directly supporting him, but ended up feeding a troll anyway. Here have some more sustenance ...

You seem to love taskman.exe and processexplorer.exe and you're so sure these can dig into anything in the NT kernel. Search around, they can't, there are parts of Windows they cannot get into, especially the DRM parts, so if they cannot get into there there are likely other parts they can't get into. For giggles, why don't you remove all traces of IE from your system, including all the support DLLs?

Then you bring up OpenSSL. Because the code was open, the bug was found and fixed. Can you, oh great expert prove that the Microsoft SSL libraries don't also have the same problem or backdoor? Oh, what's that, you can't read the code to verify the (non)existence of such a bug? Bummer.

Re:a) Konqueror is not the system shell. b) MS tes (0)

Anonymous Coward | about 7 months ago | (#46856315)

On my stating killing kernelmode threats is done easily you need to learn to read (recovery console) http://it.slashdot.org/comment... [slashdot.org] all those eyes for OpenSSL didn't stop it from being exploited for years did it? Notice you won't touch the years of bullshit that went on here on slashdot of "Linux = Secure, Windows != Secure" though. Android showed you all you had to eat your words on that that crap. As far as having to prove anything on my end? I don't have to. I did. See OpenSSL security issues and no fix in sight galore as well as Apache struts java framework.

Re:a) Konqueror is not the system shell. b) MS tes (0)

Anonymous Coward | about 7 months ago | (#46856453)

On my stating killing kernelmode threats is done easily

Internet Explorer, is not a kernel mode threat is it? It's a vector for an exploit that may get there eventually though. The discussion is about being able to remove all traces of Internet Explorer from a Windows system, which is something that Microsoft's expert witnesses testified could not be done.

"Linux = Secure, Windows != Secure" though. Android showed you all you had to eat your words on that that crap.

Except, OpenSSL and Apache Struts != Linux, so having a problem with either of those in no ways makes Linux insecure. In fact, it's very possible to build and run a Linux installation without either of those two components installed or running. As for Android, are these exploitable vulnerabilities present in the Linux kernel level or the proprietary Android level -- you of course know they are two different things?

So, what's the point of explaining that things like OpenSSL, Apache Struts and Android are separate from the Linux kernel? A vulnerability in any one of those does not equal a vulnerability in the Linux kernel and because they can be removed they also don't equal a vulnerability in a Linux system. Unlike IE in Windows, which Microsoft experts testified under oath, is integral to Windows and could not be removed, so when there is a vulnerability in that, then there is a vulnerability in the Windows system. But you know more about Windows than Microsoft's own experts right?

As far as having to prove anything on my end? I don't have to. I did. See OpenSSL security issues and no fix in sight galore as well as Apache struts java framework.

Oh, so now the bug in OpenSSL that was discovered as being present for two years, in the latest version of the library which in reality was not the most widely used version -- that honour goes to the 0.9.x brach, has been exploited for all that time? Nowhere else have I read that it has been exploited for that long. You're right that you don't have to prove anything, because you cannot prove or disprove the presence of a similar bug in the closed source Microsoft SSL libraries.

Re:a) Konqueror is not the system shell. b) MS tes (0)

Anonymous Coward | about 7 months ago | (#46856477)

Infector threats running in IE = easily identified + cleared (Internet Options) or using processexplorer.exe (usermode tools do the job). No muss. No fuss. Ez. As to the rest of what you said. I've been here a long time and know the general sentiments of the open SORES crowd, and I do know they have to eat their words on "Windows @= Secure, Linux = Secure" crap. Android proves it. You're being an apologetic fanboy (projecting on your part eariler in fact) for open sores messes. Not the reverse.

Re:a) Konqueror is not the system shell. b) MS tes (0)

Anonymous Coward | about 7 months ago | (#46856335)

Wasn't you raymorris? Ahem (excuse me): *cough* (bullshit) *cough* and you may want to read my other post (you messed up big on kernelmode tools I noted to remove rootkits at ring 0/kernelmode) http://it.slashdot.org/comment... [slashdot.org]

Re:a) Konqueror is not the system shell. b) MS tes (0)

Anonymous Coward | about 7 months ago | (#46856499)

Nope, not raymorris. And what the f*ck does using kernel mode tools to remove root kits have to do with removing IE from a Windows system?

it's easily detected + removed by processexplorer (or even taskmgr many times) and can't do damage

Once something has actually installed itself and running at that depth, damage has been done, nothing you do after the fact can stop damage that has already been done.

By the way http://slashdot.org/story/06/0... [slashdot.org] , since then can you really trust those tools to tell you about everything that goes on inside a Windows box?

If there was a little more formatting to your posts and mention of a HOSTS file once or twenty times ... oh crap ... APK?!?!?!

Re:a) Konqueror is not the system shell. b) MS tes (0)

Anonymous Coward | about 7 months ago | (#46856565)

Why remove IE? Use other browsers. There goes your 'argument' ray.Recovery console = read only media (installation media). You can trust that (better than Linux sorescode repositories http://linux.slashdot.org/stor... [slashdot.org] ).

Re:Uninstall IE6? (1)

viperidaenz (2515578) | about 7 months ago | (#46854821)

You can't, without replacing the entire shell.
You can delete the shortcuts, but the rendering engine must stay as it's used by many other things including countless 3rd party products.

Re:Uninstall IE6? (0)

Anonymous Coward | about 7 months ago | (#46854997)

Don't post on slashdot a lot. Guess I forgot the smile :-)

Re:Uninstall IE6? (1)

greg1104 (461138) | about 7 months ago | (#46855157)

Can someone remind me how to uninstall IE from Windows?

fdisk /dev/sda

IE 8 no longer supported and 0wned! (1)

Billly Gates (198444) | about 7 months ago | (#46854835)

I did a re-image of a computer and saw this [microsoft.com]

Since corporations like my own use IE 8 with low rights mode with sandboxing and protected mode turned off so they can run compromised certificates for ancient java I wonder if we will get patched?

This is much scarier as we handle HIPPA and credit card information and can be hacked.

C strikes again! (1, Funny)

Animats (122034) | about 7 months ago | (#46855199)

Another vulnerability due to C's poor handling of pointers.

Re:C strikes again! (0)

Anonymous Coward | about 7 months ago | (#46855671)

Actually, C does not try to handle pointers at all. It treats them just like a long int (with the appropriate cast), allowing programmers that do a poor job handling of pointers plenty of foot gun ammo.

I'm still amazed ... (0)

Anonymous Coward | about 7 months ago | (#46855233)

people lap it up when Microsoft make a statement like "we've rewritten product X from the ground up to be more secure, responsive, etc.".

Inevitably, at some point in the near future there is another statement about a bug that affects the previous six versions of the product, in the same way.

Re: I'm still amazed ... (0)

Anonymous Coward | about 7 months ago | (#46855417)

Except that Microsoft has not once made such a claim. The people lapping it up are those that set up their own strawmen.

Re: I'm still amazed ... (0)

Anonymous Coward | about 7 months ago | (#46855653)

They made the claim about Windows Vista, or 7, after the great code reset. It was supposedly a ground up rewrite to solve all the issues with previous versions of Windows. Ended up suffering from a bug that had been around since NT 4.0 -- actually patched in a 4.0 SP and then reintroduced later on.

Who uses IE anyway? (0)

Anonymous Coward | about 7 months ago | (#46855473)

As above

Internet explorer 6? (0)

Anonymous Coward | about 7 months ago | (#46855569)

Does Microsoft still create patches for MSIE 6? I thought Microsoft discontinued support for MSIE 6 on April 8, 2014. Just asking. Or maybe I misread the article.

Uninstall IE? (0)

Anonymous Coward | about 7 months ago | (#46856381)

How about giving XP users the ability to uninstall IE? That would probably solve 70% of the web vulnerabilities out there, the other 30% being Acrobat/Flash and Java.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?