Comments on: IE flaw threat hits the roof

Danger rating of three Internet Explorer flaws is raised to the highest level by Secunia after exploit code is published.

[Tex Murphy PI]

Unrealistic

Setting the browser "Security" settings to HIGH will render the browsers virtually unuseable - given the large number of ASP and Java web pages out in the internet.

MS really has to stop coming out with excuses and concentrate on making their current products more secure - before they start peddling out the next generation OS (which will only contain the same bugs until they get around to fixing it).

[hion2000]

Exactly. Microsoft has to stop making excuses.

Why, does Microsoft ask us to disable the very features Microsoft themselves created to "enhance the user experience"?

Why, does Microsoft cause incompatibilities with SP2's firewall when the latest vulnerabilities continue to bypass SP2's supposed protection?

Too many questions, too many excuses.

[Al Johnsons]

browsers virtually unuseable

http://www.analogstereo.com/honda_insight_owners_manual.htm

VIRUS INFECTED LINK

After reading thru the article located at http://news.com.com/IE+flaw+threat+hits+the+roof/2100-1002_3-5517457.html?tag=nl ......

I clicked the hyperlink labeled "online test of their systems" in the last paragraph. McAfee Virus Scan popped up on my system immediatetly declaring an infection had been detected. The html file indicated in the message could not be deleted or cleaned. A subsequent manual scan detected two infected .dll files, both of which were immediately deleted. Screenshots of all virus scan detections is available for verification purposes. This incident has been reported to my company's IT Security and Risk Managment depts.

I work for a large public utility company. My role in IT requires that I stay current with technology news. However, picking up a potentially malicious virus from a reputable source such as CNET News.com will not be tolerated and is a strike against the credibility of the site. Please verify your sources before posting links in the future.

Jason Hill

I think you have over-reacted

CNET is referencing a web site which offers to test the vulnerability. This vulnerability is demonstrated by executing a javascript code that is present on this page.

You did not pick up a "virus". What happened is that your filter detected the demonstration code, and correctly identified it as potentially malicious. It is not malicious in this case; it is sample code only.

Note that your system is not vulnerable -- your antivirus software is blocking the vulnerability, so in this case an MS patch is moot. Still, it would be good for MS to fix things and not rely on third parties to fix the problem for them.