Microsoft Acknowledges Devastating IE Bug

[CaptainRAVE]

Microsoft has acknowledged a devastating flaw in their Internet Explorer browser, which allows hackers to bypass safeguards in downloading programs, to execute malicious code. Microsoft Outlook and Outlook Express are also affected.

 

Microsoft has known about the problem since mid-November, but is only just now getting around to testing a patch to fix the problem.

 

Microsoft has declined to release exact details about the bug, saying it is too severe to accidentally divulge how to take advantage of it. Recently, MS was forced to release a patch for another IE bug, which had a flaw in how cookies were handled.

[StephenG]

it figures...Microsoft always release un-finished software. I dont use Outlook Express and i turn off my modem when i'm not on the net. i really hope no one has been hacking/downloading on my Computer.

[Agen]

I've know about this for about 2 weeks... i'm lucky i've had Zone Alarm for a lnog while so no-one could have probably got through to me.

[matt--]

That bug was discovered by Georgi Guninski. Basically, IE lets you put a layer with a specific z-index over the download verification box...so basically someone could spoof the name of the download.

Example:

veryBadVirus.exe can show up as funnyPicture.jpg with some clever coding.

[acdcfanbill]

ya, i keep my copy of Zone Alarm close at hand... makes you wonder why MS has everything access the internet...

[StormHammer]

Well, I expect no less from Microsoft. I know they are a prime target for hackers, who are always coming up with new work-arounds, but it still proves MS is not vigilant enough in testing the loopholes in their own software. They are also known to drag their heels to correct such problems, which is not very helpful.

 

Having said that, I don't think switching to other browsers, etc., will necessarily solve the problem. It seems the more popular certain software becomes, there are always those waiting in the wings ready to exploit it's bugs.

 

It does seem to me, though, that MS should be building in more rigid self-monitoring into their software to try and combat the problem.

[Tie Guy]

Well, i'm glad that IE6 didn't work for some reason and i was forced to keep IE5. I'll switch after they get the patch out though....i guess.

[Kurgan]

Yeah I haven't been feeling too benevolent towards microsoft lately myself... though I don't condone the use of malicious hacker code to cause trouble to innocent people. ; p

 

They bought up my ISP and forced my roommate and I to switch over to MSN's service (which is apparently some of the lowest rated service anywhere). Due to one of their "security requirements" and an apparent design flaw, I am forced to use not one, but TWO email programs, one to send, and one to recieve. Needless to say that forcing me to use Outlook after all these years chews the big one. Apparently the very nature of the program and all of its fun script-easy interface leaves it with as many holes as a piece of swiss cheese. Sadly, I have no other choice, other than using crappy web based, or text only email clients. Really sucks having more than one account.. ; p

 

I keep myself up to date as best I can, but then I still have to wait for the fixes to actually get released.

 

Kurgan

[CaptainRAVE]

Originally posted by Tie Guy

Well, i'm glad that IE6 didn't work for some reason and i was forced to keep IE5. I'll switch after they get the patch out though....i guess.

 

Yes, I had that problem and ended up using IE5 again. For some reason IE6 kept crashing every single time I loaded it up......it began to really try my patience ......anyway, I prefer IE5, its much much better in my opinion....actually, its pretty much the same, lol.

[TornSoul]

Microsoft has just released an "Uber-fix" which is suppose to fix all known bugs and some unknown ones (don't ask me how they can fix a bug they don't know).

[digl]

And how many new bugs come with the patch?

[Darth Bjorn]

Originally posted by CaptainRAVE

 

Yes, I had that problem and ended up using IE5 again. For some reason IE6 kept crashing every single time I loaded it up......it began to really try my patience ......anyway, I prefer IE5, its much much better in my opinion....actually, its pretty much the same, lol.

 

Yeah, IE 6 crashes on me all the ti-.....................

[Darth Bjorn]

All the time, that is.

[CaptainRAVE]

Did you go back to IE5 or just put up with the annoying IE6??

[Darth Bjorn]

No. Since I got XP, now, I'll just keep 6. I really think it's the java applets that do it to my, anyway.

[digl]

I have XP with IE6 and it never crashes

Sounds weird, but Its true, It doesn crash!

[CaptainRAVE]

Well arent you the lucky one

[Darth Bjorn]

Well, XP itself hasn't crashed. But IE 6 is a piece.

[acdcfanbill]

i've never had a problem with my XP and IE6, though sometimes while browsing my network, it will spontaniously crash, and i will end it, then somehow the desktop and taskbar fall off screen and all im left with is my background, and anyrunning programs, odd to say the least...

[StormHammer]

At the moment my system is quite stable, running Windows 98 SE (with the latest patches) and IE5. I haven't had a BSOD for many months, now, so I don't think I'll be upgrading from this any time soon. If it ain't broke, don't try to fix it.