IE flaw puts Windows XP SP2 at risk

A flaw has been discovered in Internet Explorer that could enable a remote attack on systems running Windows XP with Service Pack 2, eEye Digital Security has warned.

The flaw, which also affects systems running Windows XP, is found in the default installations of Microsoft's IE, according to an advisory released by the security company on Thursday.

"The flaw is not wormable but allows for the remote execution (of code) with some level of end-user intervention," said Mike Puterbaugh, eEye's senior director of product marketing.

The discovery of this IE flaw comes just over a month after Microsoft issued a cumulative patch addressing three vulnerabilities for IE.

The new IE flaw also adds to another vulnerability, discovered last month, that affects systems using Windows XP SP2.

Microsoft's Windows XP with SP2 is designed to make it more difficult for attackers to run malicious software on users' computers.

A Microsoft representative confirmed that the company had received the report from eEye and said it will be investigating the issue. Because the details of the vulnerabilities have not been made public, users are not at risk of an exploit being developed to take advantage of the flaw, the representative said.

eEye has provided Microsoft with details about the flaw, but the security researcher does not release details to the public until a vendor has developed a relevant patch or issued an advisory.

[Christopher Hall]

Here come the zealots

"YUO SILLEE MICROSNOT WINDOZE PEE CEE UZERS KEEP USING TEH BROKEEN OPERATING SYSTERMS LOLOL"

~sigh~

[OneWithTech]

This should come as no surprise.......

...to the IT field; patch; after patch; after patch.

Imagine if you will:

That your house has 3 of it's windows open all the time. TwentyFour hours a day, seven days a week.

The chance that a burgular will come upon your house and rob you seems pretty damn good.

Your computer is no different in the sence that; there are numberous security holes still not patched to date. These are security holes that even your antivirus can't defend. That is if your antivirus is still working after Microsoft releases a patch.

You see, programs compiled from many pieces of other programs. When Microsoft has to fix one of those little peices, over even a big peice. The chance that every program installed on your computer is affected too. In one form or another.

This is generally why most programs intstalled on XP are forced to do some form of update. When Microsoft released the integrated firewall and a bunch of other security things. It forced most companies with software installed to come up with compatible code.

When Service Pack 2 was released some time ago Microsoft made quite a few changes. Most of the immediate changes are noticed right away, the rest are noticed when you try to figure out why you XP landscape has changed.

To most people this is all greek, all the setting's to set: Greek. To Me, and the Security Experts like Eeye, this is not greek. It's also a pain in the ass when your diagnosing a computer.

So,if you can image (once again), if's it's a pain in the ass for an expirenced IT guy, then it has to be a lot worse for the programmers that have to release updates due to the release of Service Pack 2.

That is, of course, if your going to take the time to update your programs. A lot of my clients look for alternative's to the more expensive titles. So these alternative programs tend to take a bit longer to produce the necessary patch to ensure compatibility with XP Service Pack 2.

If my writing aren't enough, see for yourself. Due and update on one of the programs on your desktop. Go to the manufacture's website and even see if there maybe and update.

This I guarentee:

You will come up on a manufactures site that will have a visible posting:

Questions and Know Issues with Service Pack 2

Justin

[System Tyrant]

Question.

Why did Microsoft integrate IE's core into the OS?

I have heard that it's because of speed, but I can't tell any difference in the speed at which IE and Firefox render pages.

Is IE's core also part of the file browser in Windows?

I use to believe that IE was integrated because at one time everybody believed that programs and GUI's would be web based. My reason for asking is that I don't think I have ever really heard a reason. Well, at least one that not filled with conspiracy theories.

[Christopher Hall]

I seem to recall...

I seem to recall reading somewhere that IE was tied into the core of Windows in response to Netscape apparently planning to make their own operating system based on the Netscape technologies. Pre-IE4, Microsoft had their internet browser as an independent application. However, this new "threat" was enough to get Microsoft to get a leg up on the competition.

This Netscape OS obviously never came to pass, but we got IE tangled around the core nonetheless.