Jump to content
CCleaner Community Forums
DennisD

Microsoft rushes to fix browser after attacks; no fix for XP users

Recommended Posts

Firefox anyone? Or Chrome perhaps? I think Mozilla and Google should prepare for a big uptick in their server traffic tomorrow. ;)  

Share this post


Link to post
Share on other sites

"IE 6 to 11 accounts for 55% of browser market according to NetMarketShare" - I certainly don't see that reflected in the PC's I see !

And that figure is hugely at odds with the W3Schools stats they have been keeping for more than 10 years.

 

 

Figures and stats, who to believe...?

Share this post


Link to post
Share on other sites

On the date that XP support ended I went into IE and switched it to the 'Work Offline' mode (note that doing so can break some software that relies upon IE for downloading stuff in the background), since I won't have any use for it anymore as I only used it to visit the Microsoft Update site.

 

I don't know if switching it to 'Work Offline' increases security or not - in my mind it sort of does to a degree even if by a very small amount. It is however an easy way to thwart an annoying behavior when installing or uninstalling software that automatically loads its website in IE with either a welcome/thanks page, or a sorry/why are you leaving us survey page.

Share this post


Link to post
Share on other sites

Does anyone have a clue when the updates to fix I.E. will be available? I've been doing a Google search every day since Dennis originally posted on this problem. Everyone seems obsessed with the news that there will be no update for XP, but no one is offering a date when the fix will be available for the other versions of Windows.

Share this post


Link to post
Share on other sites

Some interesting observations here Derek which make sense of your inability to get info on this ...

 

 

Now we get to the meat of the article and what, in my opinion, is the real reason for this announcement: to scare users of Windows XP into upgrading to Windows 7 or 8 and squeezing some more money from their mostly empty pockets.

If this "security leak" was real, then the best advice would be to switch to another browser, independent of your Windows version. I really think this is a scam; that the security risk is either intentional or non-existent and that Microsoft is using its power to extort people into buying new products.

I've tried searching the Microsoft website for more technical information about this security leak, but I couldn't find anything about it. However, the FireEye website has a detailed page on the exploit, which you can find here. (Thanks to BuzzCory for the link)

 

 

http://www.abovetopsecret.com/forum/thread1010094/pg1

 

Can this be true?

 

And who would do such a thing?

 

And finally (taken from the article) ...

 

And there is a fix for XP users: stop using the POS Internet Explorer browser

 

:)

Share this post


Link to post
Share on other sites

And finally (taken from the article) ...

 

I stopped using IE in the very early 2000s.

 

Along with having layered security (anti-virus, anti-malware, firewall) stopping using IE is another key part in helping to avoiding malware.

Share this post


Link to post
Share on other sites

Interesting how this occurred a mere two weeks after support for XP has ended. And curious how this flaw in Internet Explorer was overlooked for such a long period of time. Remember, I.E.6 through 11 are all supposedly affected, and I.E.6 was released in August 2001! You have to ask yourself, just who is in charge of Quality Control at Microsoft, Rip Van Winkle?

 

And I don't think that people are upgrading to newer versions of Windows in the numbers that Microsoft has envisioned. You would be surprised at the number of people that have been turning up on the Linux Mint forum in the last two weeks and asking "how do I install Mint to dual boot with Windows XP?". I know that time marches on, but in this case, I think quite a few people are refusing to keep in step.

Share this post


Link to post
Share on other sites
I.E.6 through 11 

 

 

I thought that was odd Derek, one of the reasons why I made my post more "tongue in cheek" than a serious warning.

 

Plus I gave up on IE years ago.

Share this post


Link to post
Share on other sites

IE is a nightmare, probably a low level problem with Trident that went overlooked until recently. I imagine after Heartbleed, legacy codebases are being examined a bit more thoroughly

Share this post


Link to post
Share on other sites

http://blogs.technet.com/b/msrc/archive/2014/05/01/out-of-band-release-to-address-microsoft-security-advisory-2963983.aspx

 

 

At approximately 10 a.m. PDT, we will release an out-of-band security update to address the issue affecting Internet Explorer (IE) that was first discussed in Security Advisory 2963983. This update is fully tested and ready for release for all affected versions of the browser.

 

 

We have made the decision to issue a security update for Windows XP users.

Share this post


Link to post
Share on other sites

Thanks for the info MikeW about there being an update available.

 

After a short-filled resuscitation Microsoft stabs XP again -- "end of life".

Share this post


Link to post
Share on other sites

I guess the bug is so severe MS gave in to pressure. But how many times will MS do this again ?

Share this post


Link to post
Share on other sites

I guess the bug is so severe MS gave in to pressure. But how many times will MS do this again ?

Until Financial institutions block XP from on-line transactions they will have to overwhelm MS with pressure to reduce danger.

Even a small percentage of customers with XP computers is a large number of customers to alienate.

Share this post


Link to post
Share on other sites

- One also should keep in mind that the bug concerns IE and not XP. Although IE 6,7 & 8 work "hand in glove" with the XP OS. I guess MS now will double its efforts to push users to start using (at least) Vista or newer. That begs the question: With what IE was Vista shipped ?  (IE 6, 7 or 8 ???).

- Perhaps will reluctantly issue security updates for XP until MS no longer supports MS Security Essentials ........

- Issueing an update for their professional clients also means that it's relatively easy to issue updates for home users.

 

In other words, A LOT OF questions and no good answers. Or only MS knows .........

Share this post


Link to post
Share on other sites

With thousands and thousands of lines of code in operating systems and also in browsers, it's hardly surprising that these things happen.

 

I don't believe that any browser is better than any other at being perfect.

 

Next week it'll be another alert for something else.

 

That's computer life.

Share this post


Link to post
Share on other sites

With thousands and thousands of lines of code in operating systems and also in browsers, it's hardly surprising that these things happen.

 

I don't believe that any browser is better than any other at being perfect.

 

Next week it'll be another alert for something else.

 

That's computer life.

 

 

I couldn't agree with you more Hazel

Share this post


Link to post
Share on other sites

I guess MS now will double its efforts to push users to start using (at least) Vista or newer.

 

From what I've read online they're pushing for users to upgrade to at least Win7, everything I've seen mentions to upgrade to Win7 or Win8.x.

Share this post


Link to post
Share on other sites

Ah. And since Win 7 came with IE 8 MS will try to push everyone to move/upgrade to (at least) IE 8. Good bye IE 6 & 7. That provides some clarity.

Share this post


Link to post
Share on other sites

you always hear about the latest vulnerability in IE and it gives the impression that browser is very weak.

now don't get me wrong, I actually think it is, and have not used it for more than 10 years.

but it's no more vulnerable than any of the others.

it suffers from being the oldest so more of its flaws have been found.

I'm sure FF and Chrome have weaknesses, but they benefit from being younger, not yet exploited and from using the experience gleamed from IE exposures.

Share this post


Link to post
Share on other sites

Maybe IE isn't "no more vulnerable" than other browsers due to the never-ending update patches. However since it's so directly integrated into the system (key point) I think the danger of using it is far greater which has been proven countless times.

 

People who security test anti-malware and anti-virus software to see how it protects against web-based/drive-by infections from what I've seen in YouTube videos always do so via IE. They don't even bother with other browsers (Firefox, Chrome, etc.,) that may be able to auto-protect the system before the anti-malware or anti-virus would even have anything to do.

Share this post


Link to post
Share on other sites

Microsoft must of decided there were still enough XP users out there.  They released this Fix for the Windows XP version of I.E as well. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×