Microsoft: upgrade to IE8, even though it's vulnerable
By Barry Collins
Posted on 18 Jan 2010 at 07:11
Microsoft is advising its customers to upgrade to Internet Explorer 8 - even though the latest version of its browser is vulnerable to a serious security attack.
The software giant issued a statement urging people to upgrade their browser, after the zero-day exploit that was used to attack companies such as Google went public.
According to Microsoft's security advisory: "the vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution."
But although Internet Explorer 6 has been the source of attacks until now, Microsoft's advisory admits that both IE7 and IE8 are vulnerable to the same flaw, even on Windows 7.
Nevertheless, Microsoft is still urging its customers to upgrade their browser to the latest version. "Customers using Internet Explorer 8 are not affected by currently known attacks and exploits due to the improved security protections in IE8," the company claims.
"To help protect our customers, we recommend that all customers immediately upgrade to Internet Explorer 8. Customers should also consider applying the workarounds and mitigations provided in our Security Advisory such as putting Internet zone security settings to High."
Other measures recommended by Microsoft include running the browser in Protected Mode and ensuring users aren't running with administrator privileges.
Microsoft says it's considering issuing a fix outside of the regular Patch Tuesday cycle to address the issue.
I tell you want, this will be the best day in a web developers life. If everyone, including companies, upgraded to IE8, my days as a web developer will be so much more easier, no more testing in multiple versions of IE and fixing stupid problems with IE6 and 7. Please, please, please everyone, every company upgrade!
Bump... Oh, hello reality.... lol
By treadmill on 18 Jan 2010
IE8 may be a siv, just as Firefox is, but it truely is pathetic how many people are still using IE6.
By Grunthos on 18 Jan 2010
IE8 is more secure that its predecessors. So even though upgrading will not protect you against this particular exploit it is still a good idea to upgrade.
By juzilla on 18 Jan 2010
reasons not to upgrade
A lot of companys may be using specific applications developed years ago and upgrading to IE 7 or 8 could break their apps. although it's free to upgrade it may not be free to get your apps reworked to work on another version of IE. Hence why the upgrade uptake is slow amongst businesses
By DaChimp on 18 Jan 2010
Perhaps a little too subtle, but that's why the "Bump" was added. As a developer, I understand all too well why businesses do not upgrade from IE6. However, I do wonder how many businesses have actually checked this.
Of course, by checking, you are incurring costs, but it would be far cheaper to check whether a business can upgrade to IE8, then at least you'd know.
By treadmill on 18 Jan 2010
This is a great and obvious time for all those companies to switch to an alternate browser - true - they are not IE or M$ - but they don't have this exploit.
By nicomo on 18 Jan 2010
But they (other browsers) might have other exploits that as yet we don't know about! I bet the crooks are looking though all that open source browser code as I write this....
"...frying pan to fire" comes to mind!
By rjp2000 on 19 Jan 2010
The NHS will not move from XP and IE6 ever come 2025 will still be using it
Some programs will only work with IE6 and not IE7 or 8
but the thinking is if some thing goes wrong it better/eaiser to sue M$ than FF or Google
That why hell with freze over before NHS, MOD and other compaines before they move away from XP and IE6
Just a few months ago we got upgraded to XPSP2
By mprltd on 20 Jan 2010
Upgrading to IE8 would involve replacing Windows 2000 (with it's perfectly working file shares) with Windows XP (with its crippled file shares). Why should I?
By mspritch on 21 Jan 2010
Tried IE8 but went back to IE7 for these 3 reasons
IE8 doesn't remember the location of the last link you clicked on in the favorites dropdown list.
IE8 doesn't remember the folder where you added the last favorite.
After installing IE8 and the Windows Live Essentials update, whenever I changed the window view settings in a folder on the drive following the boot drive the view settings would be duplicated at the root of the boot drive and vice versa.
It was so difficult to fix this problem that there's no way that I'm going to install either IE8 or Windows Live Essentials on this computer and risk it happening again.
By the way, I forgot to mention that Vista 64 Ultimate is installed on this computer and it has 10 ntfs formatted drives. That may be why I haven't found any evidence of it happening to anyone else.
By rmpii on 21 Jan 2010
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Google Now draining iPhone battery
- The government website that doesn't work with IE, Chrome, Firefox, Safari, Macs or smartphones
- Yes, I write down my passwords
- How to deal with a ransomware attack
- How secure is your Wi-Fi network?
- How QR codes caught out the security pros
- Why I do not trust Do Not Track... yet
- The hard disks you can "secure" with a single-digit password
- Why I've started using a password manager
- Time to kill off CAPTCHA
- Are today's young people Generation I (for insecure)?
- Ransomware that's better made than antivirus software