RSSMicrosoft Investigating New IE6 Flaw
By Nate Mook | Published August 30, 2005, 10:58 AM
Microsoft said it is investigating a report of a new potentially critical flaw discovered in Internet Explorer by security researcher Tom Ferris. The problem affects fully patched Windows XP SP2 systems running IE6, and could lead to remote code executation.
Ferris, who has been credited by Microsoft as finding a security vulnerability in the Remote Desktop Protocol, says he reported the issue to Microsoft on August 14. Ferris is not sharing any specifics of the flaw in order to keep users safe while Microsoft develops a patch, but he has posted a screenshot of IE crashing from the bug.
As I WATCH CNN REPORTS CONCERNING THE KATRINA DISASTER AND VIEW THEIR USE OF GOOGLE EARTH TO ILLUSTRATE THE DEVASTATION I AM REMINDED THAT SOFTWARE DEVELOPMENT OUGHT TO GO BEYHOND THE BOTTOM LINE. MICROSOFT CANNOT DEVELOP A SIMPLE BROWSER SUCH AS IE 6.WHAT CAN WE EXPECT FROM VISTA????????????????????????????????????????????
Score: 0
|IE has a flaw, wow this is a first. I can't believe this happend to Internet Explorer. Its SOOO safe. I don't know how this could have happend. HAHA
Score: 0
|Thank you Tom! Finally someone doing it the right way! He found the exploit, contacted MS and is now waiting for them to fix it before going into details about it.
Score: 0
|Most researchers do it that way. The problem is that not everyone will go ahead and install the patch causing problems like zotob.
Score: 0
|zotob was infecting less than 4 days from release of a patch. If you know large corporate networks you know how hard it is to test patches across your enterprise. Had they patched early and it broke their network would they then be free from criticism?
The solution is immediate testing in lab environments, then scales releases across your WAN by specific groups. CNN was up and running fine the next day, btw.
Score: 0
|CNN wouldn't have had any problems if they had a decently secure network.
Score: 0
|