Microsoft to fix critical hole in IE
In a rare move, Microsoft on Friday said it would be releasing security updates on Tuesday--outside of its monthly patch cycle--for a critical vulnerability in Internet Explorer and a moderate vulnerability in Visual Studio.
The two security bulletins will address one overall issue and are being released separately "to provide the broadest protections possible to customers," Microsoft said in a statement.
The vulnerabilities affect Windows 2000, Windows XP, Vista, Windows Server 2003 and 2008, Internet Explorer 6, 7 and 8, Microsoft Visual Studio .NET 2003, Visual Studio 2005 and 2008 and Visual C++ 2005 and 2008, according to the security bulletin advance notification.
"While we can't go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications," the statement said. "The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin."
"The Internet Explorer update will also address vulnerabilities rated as critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported," Microsoft said.
Customers who are current with their security updates are protected from known attacks related to the updates, the company said. The updates will be released through the Microsoft Update, Windows Update, and Windows Server Update services.
A Webcast to address customer questions is scheduled for Tuesday from 1 p.m. PDT to 2 p.m. at this site.
Microsoft typically releases security patches on a monthly basis, the second Tuesday of every month, and did not say why it is making this rare, out-of-cycle release.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor. 
It's the Apple model in action. Looks like Microsoft is learning from Cupertino.
Hey Steve, don't forget about increasing shareholder value, 'kay? Thanks!
...you mean they're finally starting to fix vulns in a timely manner? ;)
Nah - just ribbin' you.
By the way, no vendor (Apple, Microsoft, or otherwise) would publish details (let alone exploits FFS) to vulns that they themselves discover and patch in-house. You can do better than that...
On the matter of patching vulnerabilities, MS since around 2004 onwards has a much better track record than Apple (one of the best in the industry in fact).
So.. have you send that check to Apple for $599 yet for product you stole from them yet? :)
Ah, but I expected you to resort to lies and libel, since your argument fell flat... a sure sign of defeat.
All the moronic web "developers" that learned how to create web pages for IE are going to be in a world of hurt soon since they don't have to background to learn how to do it properly.
IE8 stops the need for proprietary code.
Dang, I wish I could 86 Internet Explorer on my work PC (running Windows XP), but there's some stuff that runs better on IE (like Microsoft Sharepoint) than on Firefox.
For everything else, I run Firefox on this Windows PC.
Microsoft should really rewrite IE based on WebKit.
MSIE was available on Macs. It was preinstalled on my first iBook (circa 2002) running OS X 10.1. It was Microsoft who bailed from Mac OS X. Apple never prevented them from creating a web browser.
Dude - you should've gone to bed or something...
(Trivia: did you know that there was even a version of IE for UNIX at one time? ;) )
Even if it was it would have negligible market share on the Mac - why would people elect to install the worst browser of the pack? The only reason it's got desktop/notebook market share is the same reason Windows has high market share - because it's incumbent and people never get to know any better.
McD
IE isn't available for the Mac currently. Yes, there was a version years ago, but it isn't avaialble now.
That is the only way it will be secure.
(hey, if you want to take cheap pot shots at Microsoft, be ready to get the same back at Apple)
Same for you.
@Vegaman_Dan, although not an apple user myself, one can hardly call their products substandard pieces of swiss cheese. Apple is WAY over priced but that's all. From my short usage of them before, I can tell that if Apple could have the user base that Microsoft has the world of computers would function better. I don't like Microsoft but I'm not willing to pay the 40% Apple tax.
@ckh1272, IMHO people (other than news organizations) shouldn't try to eliminate their biases but rather openly admit them and move on. You can never completely rid yourself of bias. My bias: I am current torn between Firefox and a beta of Chrome with extensions.
You know, that is excellent advice you have given. It's advice you may want to take to heart as well.
BTW, I'm typing this on my MacBookPro, a 15" model. My iPhone is charging from the USB port. I don't even have any PC's powered up. My day job pays me money to *FIX* broken PC's.
Bias? Yes, against idiots and trolls, hence why I call them as I see them. If you feel attention is being unduly brought upon you, then... yeah.
http://news.cnet.com/8301-1009_3-10154662-83.html
The Macintosh and base Linux kernel operating systems have dominated the top spots for vulnerabilities by operating system over the past three years
So you won't even use or buy the products that you preach for?
Wow - when even the Microsoft cheerleaders refuse to use their own objects of worship...
-Andreas
http://ITRiskSpace.com
As a matter of fact, they publish several articles, probably hoping to milk that sucker for all it was work, hundreds of thousands of pageviews.
Since you posted to this particular article, I will point out that this bad news (critical IE hole) originates from Microsoft itself. Much of today's bad Microsoft news originates from yesterday's bad news from Microsoft (poor earnings results). These aren't concocted articles. Microsoft has been communicating a bunch of bad news because they don't have much good to announce.
It's not Cnet's fault (heck, Microsoft is probably an advertiser here, I don't know since I use AdBlock Plus).
Sorry about that.
Oh, and today's article about Microsoft opening retail stores wasn't negative.
Things go in cycles. Sometimes you perceive more news about this or that subject than at other times because of the way it's reported and what is on the radar. Remember a couple of years ago when all we had were nearly non-stop news stories in the summer about shark attacks? There weren't really that more attacks taking place, but the focus of the news got turned on it so that was the public perception.
Frankly, I'm more concerned about the issue with Adobe Flash that is being exploited.
I use both IE8 and Firefox 3.5. I feel more secure using IE8 in protected mode in Vista than I do using Fx 3.5 in XP.
None of these Mac users would know such a thing and should stick to commenting on Macs.
As is, I'm using firefox 3.5 on Ubuntu 9.04, I'm plenty safe.
That means you are unprotected
Note: No browser is 100% secure be it IE, Firefox, Safari, Opera or whatever. As long as there are people there will be holes punched through the security of OS's and browsers and all we can do is keep up with the patches.
iPhone is sandboxed, too, yet there have been proof of concept exploits of that.
Mac Users do know about sandboxing, and how it isn't the panacea of there are leaks in the sandbox (or a cat comes and takes a dump in it).
So far, the only sandbox I've seen that can really be described as such is running a virtual machine without a shared disk. Anything that happens in there stays in there, because there is no way out. IE8 is NOT a virtual machine, it interacts with the rest of the OS, and thus there are ways out...
VHD's are pretty good about sandboxing. I'd like to see an OS use that for web browsers on any platform.
It really depends on the type of hole. However, snadboxing/protected mode really does add a significant layer of security. It would be good to see something similar on Safari.
http://twit.tv/sn206
Would you like to start again? Just to rebuild your credibility?
Would you like to correct your statement to regain your credibility once again, or do you want to keep going down this path?
It's up to you.
I'm speculating that every time AppleSuxLeo opens his mouth he damages a few more of his existing brain cells.
There's no clear evidence so I will continue my analysis. Please stay tuned. Thank you.
Come on guys, just let the product stand on its own. It doesn't need you to make apologies for it.
I, for one, have an iPhone and was curious to read the information. I don't care to try and change the subject or dismiss it as irrelevant as you guys have done. I really don't care to stick my head in the sand like that.
IE is hacked upon 24 hours a day by scammers. Why? Because usually no one is going to spent tons of time coding malware for a desktop that is only on 10-15% of systems like osx. But mac users think it's because their mac is built so sturdy, and it's so shiny, osx is wonderful that it's impervious to this sort of thing. But if osx could suddenly be on 90% of deskotps tomororw, it would be hacked within days or weeks. But even this doesn't matter much since macs are getting attacked by malware anyway these days. Even apple issued a warning that it's users should run anti-virus, only to retract it later because it's embarrassing to say that after lying to their customers by hinting they didn't get malware. And yes, I know it gets less malware, but the point is that it's not because Microsoft is a giant bumbling idiot that messes up all the time. That is an illusion. Their company is billions and have been through a lot in the last decade. This illusion that they are stupid is nothing more than an illusion. It's that their software install base is huge, and their products are wide reaching. And that is a fair statement. So there are lots more people looking for ways into it.
But for those who can't read. If you update your machine, just like you do on an imac, the vulnerability is taken care of. Yet the appletard jokes continue. Like gertruded who said sarcastically, "We have been assured that they are safe and it's only XP that as holes". Well I can show you several mac vulnerabilities right now even if they were also patched. And I could also say, sarcastically, "But we all know macs are impervious to attack and have no issues". People. ALL OS's have holes. Get over it. It's just a mater of how big the target is.
Now I use and have been using Windows machine ever since Windows 3.1 (3.0 and prior were a bad joke) and DOS before that although s small business I had once used an Apple IIE (can anyone say "Open-Apple-Reset?). Now I dual boot between XP and Ubuntu but I have to admit...
Them new iMacs sure are beautiful. :D
I'm afraid that I'll be beaten by hardcore mac fans :(
Like jc3340 said before :"ALL OS's have holes. Get over it. It's just a mater of how big the target is."
"Watch out for nose bleed jz33040. It is a common occurrence for people who stand on their soapbox. I am not foolish enough to think that OS X is perfect, but I have heard so many rants like yours that I can't help but laugh a little inside."
Wow... apparently you don't even read your own comments. :)
Well said, jz33040.
I'm going to ask (for the umpteenth time) what Mac model do you own that you can give opinions on it's performance and stability?
@ all other AppleBashingSociopathicMSZombies (sorry, couldn't resist)... please list the Mac models you own, and the current Mac OS you run.
When you've done that... I'll be delighted to read your comments along with the intelligent postings here. Otherwise, I will simply skip them as "non-informative jabberwocky".
: )
PS. I own both Mac (MacPro QuadCore/OSX/OSX Server) and PC (Dell/XP, was not impressed with W7 beta test).
I have 6 computers in the house, I use IE as my browser, and I've never had a virus, malware, or any problems whatsoever.
HAve you ever heard of overclocking? Thats another benefit us pc users get to use ;)
And "The_Decider" was right, those who only learned how to program websites for IE are definitely going to be in a world of hurt when their continued market share decreases more and more and people start complaining that websites are not working/displaying properly, especially in the now booming smartphone market. More and more designers/programmers are almost giving up on making their sites render properly on IE browsers. If your site is written in standards it should work. I'm thrilled to see IE market share plummeting.
@ all the Mac Lovers ...Don't take it personally i know you all love your macs but you are not the best, what u get doesn't justify the price, you are not virus proof and your market share is far too small to be a part of ... sorry
I know i opened a can of worms but i'm happy with my PC even with all its so called windows flaws. Why? because i saved a bunch, i have the choice to thinker with my PC as much as i want and here's the kicker i have a large support group so please Apple-day-Adventists stop trying to preach to the world how much better you mac is cause under all that so called great OS you still have a PC!!! Thank you all for your time and please bash on me all you want cause i don't plan to follow up on this post.
Is there a way I can get around this?
On Dailup, it takes forever!
Give it a try. It's much better than IE8.
Copy & past this url to Opera's download website > http://www.opera.com/browser/next/
- by GEO2003 July 27, 2009 3:13 PM PDT
- Firefox 3.5.1 - That is the point, while it has been available for a week, the bug was discover and patched.
- Like this Reply to this comment
-
Showing 1 of 2 pages (94 Comments)So is the samething with IE 8, the bug was discovered and will be patch tomorow. What is the difference ?
The bottom line and final point is that BOTH have vulnerabilites and are being patch. There is not point in making a big deal about either or how either is better then then other since 98 percent of software is bound to have bugs.