Skip to navigation
Latest News

Microsoft: upgrade to IE8, even though it's vulnerable

Internet Explorer 8

By Barry Collins

Posted on 18 Jan 2010 at 07:11

Microsoft is advising its customers to upgrade to Internet Explorer 8 - even though the latest version of its browser is vulnerable to a serious security attack.

The software giant issued a statement urging people to upgrade their browser, after the zero-day exploit that was used to attack companies such as Google went public.

According to Microsoft's security advisory: "the vulnerability exists as an invalid pointer reference within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution."

But although Internet Explorer 6 has been the source of attacks until now, Microsoft's advisory admits that both IE7 and IE8 are vulnerable to the same flaw, even on Windows 7.

Nevertheless, Microsoft is still urging its customers to upgrade their browser to the latest version. "Customers using Internet Explorer 8 are not affected by currently known attacks and exploits due to the improved security protections in IE8," the company claims.

"To help protect our customers, we recommend that all customers immediately upgrade to Internet Explorer 8. Customers should also consider applying the workarounds and mitigations provided in our Security Advisory such as putting Internet zone security settings to High."

Other measures recommended by Microsoft include running the browser in Protected Mode and ensuring users aren't running with administrator privileges.

Microsoft says it's considering issuing a fix outside of the regular Patch Tuesday cycle to address the issue.

Is your business a social business? For helpful info and tips visit our hub.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here
User comments

If only!

I tell you want, this will be the best day in a web developers life. If everyone, including companies, upgraded to IE8, my days as a web developer will be so much more easier, no more testing in multiple versions of IE and fixing stupid problems with IE6 and 7. Please, please, please everyone, every company upgrade!

Bump... Oh, hello reality.... lol

By treadmill on 18 Jan 2010

Agreed.

IE8 may be a siv, just as Firefox is, but it truely is pathetic how many people are still using IE6.

By Grunthos on 18 Jan 2010

IE8 is more secure that its predecessors. So even though upgrading will not protect you against this particular exploit it is still a good idea to upgrade.

By juzilla on 18 Jan 2010

reasons not to upgrade

A lot of companys may be using specific applications developed years ago and upgrading to IE 7 or 8 could break their apps. although it's free to upgrade it may not be free to get your apps reworked to work on another version of IE. Hence why the upgrade uptake is slow amongst businesses

By DaChimp on 18 Jan 2010

@DaChimp

Perhaps a little too subtle, but that's why the "Bump" was added. As a developer, I understand all too well why businesses do not upgrade from IE6. However, I do wonder how many businesses have actually checked this.

Of course, by checking, you are incurring costs, but it would be far cheaper to check whether a business can upgrade to IE8, then at least you'd know.

By treadmill on 18 Jan 2010

This is a great and obvious time for all those companies to switch to an alternate browser - true - they are not IE or M$ - but they don't have this exploit.

By nicomo on 18 Jan 2010

@nicomo

But they (other browsers) might have other exploits that as yet we don't know about! I bet the crooks are looking though all that open source browser code as I write this....

"...frying pan to fire" comes to mind!

By rjp2000 on 19 Jan 2010

The NHS will not move from XP and IE6 ever come 2025 will still be using it

Some programs will only work with IE6 and not IE7 or 8

but the thinking is if some thing goes wrong it better/eaiser to sue M$ than FF or Google

That why hell with freze over before NHS, MOD and other compaines before they move away from XP and IE6

Just a few months ago we got upgraded to XPSP2

Mark

By mprltd on 20 Jan 2010

Upgrading to IE8 would involve replacing Windows 2000 (with it's perfectly working file shares) with Windows XP (with its crippled file shares). Why should I?

By mspritch on 21 Jan 2010

Tried IE8 but went back to IE7 for these 3 reasons

Reason #1:

IE8 doesn't remember the location of the last link you clicked on in the favorites dropdown list.

Reason #2:

IE8 doesn't remember the folder where you added the last favorite.

Reason #3:

After installing IE8 and the Windows Live Essentials update, whenever I changed the window view settings in a folder on the drive following the boot drive the view settings would be duplicated at the root of the boot drive and vice versa.

It was so difficult to fix this problem that there's no way that I'm going to install either IE8 or Windows Live Essentials on this computer and risk it happening again.

By the way, I forgot to mention that Vista 64 Ultimate is installed on this computer and it has 10 ntfs formatted drives. That may be why I haven't found any evidence of it happening to anyone else.

By rmpii on 21 Jan 2010

Leave a comment

You need to Login or Register to comment.

(optional)

advertisement

Most Commented News Stories
Latest Blog Posts Subscribe to our RSS Feeds
Latest ReviewsSubscribe to our RSS Feeds
Latest Real World Computing

advertisement

Sponsored Links
 
SEARCH
Loading
WEB ID
SIGN UP

Your email:

Your password:

remember me

advertisement


Hitwise Top 10 Website 2010
 
 

PCPro-Computing in the Real World Printed from www.pcpro.co.uk

Register to receive our regular email newsletter at http://www.pcpro.co.uk/registration.

The newsletter contains links to our latest PC news, product reviews, features and how-to guides, plus special offers and competitions.