• On TechRepublic: Five super-secret features in Windows 7
December 10, 2008 7:37 AM PST

Microsoft IE breached by new attacks

by Matt Asay
  • Font size
  • Print
  • 6 comments

There is no question that Microsoft's Internet Explorer has become more secure over time. There's also no question that with roughly 69 percent of the global browser market, IE remains a meaty target.

It is therefore not surprising that IE is under attack, though perhaps the recent breach of fully-patched IE is surprising, as as The Register reports:

The attacks target a flaw in the way IE handles certain types of data that use the extensible markup language, or XML, format. The bug references already freed memory in the mshtml.dll file. According to IDG News, exploits work about one in three times, and only after a victim has visited a website that serves a malicious piece of javascript.

As usual, there is browser security and then there's "user of the browser security." I suspect that the former is pretty strong with IE, but the latter...? Well, if someone wants to foolishly visit suspect sites, perhaps they're getting what they deserve.

Matt Asay brings a decade of in-the-trenches open-source business and legal experience to The Open Road, with an emphasis on emerging open-source business strategies and opportunities. Matt is vice president of business development at Alfresco, a company that develops open-source software for content management. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure. You can follow Matt on Twitter @mjasay.
Topics:

Microsoft

Tags:

Microsoft,

IE,

security

Share:
Digg
Del.icio.us
Reddit
Recent posts from The Open Road
Apache: 'No jerks allowed'
Cloud to suck money out of market, report says
When open source isn't (open enough)
SAP wants an open Java process (pot, meet kettle)
Google shifts software value to operations, away from IP
Mobile: Still waiting to see what sticks
Google privacy controls: Most people won't care
Amazon's move mocks EU's fear of Oracle
Related
Phishing, worms spike this year, say Microsoft and McAfee
ChoicePoint to pay $275,000 in latest data breach
Windows 7 default user account control worries experts
TrendMicro to 'protect the cloud'
Microsoft patches critical hole in Windows kernel
More security breaches hit midsize companies
LA approves $7.2 million Google Apps deal
Microsoft patching zero-day Windows 7 SMB hole
Add a Comment (Log in or register) (6 Comments)
  • prev
  • 1
  • next
by MSSlayer December 10, 2008 8:10 AM PST
There are plenty of legitimate sites, mainly those foolish enough to run some MS server, that are compromised and anyone who visits with IE gets blasted. Quite often the exploit requires no effort on the users part.

I think you meant to say: "Well, if someone wants to foolishly use IE, perhaps they're getting what they deserve."

That is closer to the truth.
Reply to this comment
by MSSlayer December 10, 2008 7:23 PM PST
I should have also added: those foolish enough to allow PHP apps on their server along with the MS server caveat.

Gotta be fair to MS :)

In terms of security ineptness, the people behind PHP and many who use it, are easily Microsoft's equal.
by Eddie-c December 10, 2008 8:18 AM PST
How many people, with a history in I.T., remember the constant flow of notices from CERT about disabling scripting as the internet grew ... "exploit alert.. exploit alert ... recommended action ... disable scripting". But of course now too many sites 'have to' give you that rich experience and will only work with scripting enabled instead of actually coding a site that can with with AND without it running. Oh hey, remember lynx anyone? ;)
Reply to this comment
by Ilgaz December 10, 2008 1:41 PM PST
Dare to write that comment here, on this site with Javascript disabled? :)
by gcharlan December 10, 2008 6:51 PM PST
You're wrong here, Matt

Legit sites like CNN, the US Postal Service, and several UK municipalities have been compromised.

http://www.infoworld.com/article/08/10/03/Researcher_finds_evidence_of_massive_Web_site_compromise_1.html

Can't really blame the end users any more :(

-Greg C
Reply to this comment
by Martin_Anon December 10, 2008 11:26 PM PST
That last sentence was just amazingly self-righteous. I enjoy your writing and your articles and expect better from you. I usually expect you to apply a little more thinking to your ideas before publishing something like that.
As for the rest - great stuff!
Thanks.
Regards, Martin.
Reply to this comment
(6 Comments)
  • prev
  • 1
  • next
advertisement

A CNET Conversation with Eric Schmidt

CNET's Tom Krazit and Molly Wood sit down with Google CEO Eric Schmidt to discuss the future of Android, the Chrome OS, the problem of real-time search indexing, and more.

Verizon tests sending RIAA copyright notices

The No. 2 phone company, known for its reluctance to intervene in antipiracy cases, strikes an agreement to forward copyright notices on behalf of the music industry.

advertisement

About The Open Road

Matt Asay brings a decade of in-the-trenches open-source business and legal experience to the Open Road, with an emphasis on emerging open-source business strategies and opportunities. Matt is general manager of the Americas division and vice president of business development at Alfresco, a company that develops open-source software for content management. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure.

Add this feed to your online news reader

The Open Road topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET