Archive for Internet Explorer

Microsoft Releases Patch For Internet Explorer Bug…. Download It ASAP!

Posted in Commentary with tags , on March 30, 2010 by itnerd

Frequent readers will recall that I’ve mentioned a rather serious Internet Explorer bug recently that allowed an evil doer to potentially take control of your computer. Today, Microsoft released a patch for that issue that I strongly recommend that you download. The same patch fixes a bunch of other issues according to the security bulletin that was updated today. My advice is to hit Windows update and get this patch as there are apparently exploits floating around that leverage this bug.

Microsoft Warns Of Security Issue With Internet Explorer 6 And 7

Posted in Commentary with tags , on March 10, 2010 by itnerd

If you really needed a reason to switch from Internet Explorer to something else, here’s one more to add to your list. Microsoft released a Security Advisory warning of a zero day bug with Internet Explorer 6 and 7. The bug could allow an attacker to take control of a machine if a user visited a malicious Web site:

The vulnerability exists due to an invalid pointer reference being used within Internet Explorer. It is possible under certain conditions for the invalid pointer to be accessed after an object is deleted. In a specially-crafted attack, in attempting to access a freed object, Internet Explorer can be caused to allow remote code execution.

At this time, we are aware of targeted attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes. On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

If you want to protect yourself from this, run Internet Explorer 8. Or you can always switch to something else like Firefox.

Microsoft Says Not To Press The F1 Key…. Really. They Did Say That.

Posted in Commentary with tags , , on March 2, 2010 by itnerd

This is too funny to make up. Microsoft has a security advisory that tells you not to use the F1 key which happens to be help in order to protect yourself from a an unpatched bug in VBScript that could run something nasty in Internet Explorer:

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.

Oh how delightful. This problem exists in a variety of Windows versions with the exception of Vista, Server 2008, and Windows 7. If you’re running anything else, it might be a really good time to switch browsers. Of course, you can always wait until a patch comes out. But this paragraph might make you change your mind:

Microsoft is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone’s best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

Translation: This was leaked and Microsoft isn’t happy about that. It likely means that it will get fixed faster though now that everybody knows about it. But who knows. I say switch browsers, you’ll be safer. Trust me.

Patch To Plug Internet Explorer Hole Is Out Now….. Get It ASAP

Posted in Commentary with tags , on January 21, 2010 by itnerd

Microsoft has begun to roll out the emergency patch that plugs that rather nasty Internet Explorer hole that has been linked to the recent Google hack via Windows Update and Microsoft Update. This security bulletin has all the details that you need to know.  I’m in the midst of installing this update now and I did notice that on my Windows 7 Ultimate VM it flipped the taskbar to the top of the screen after the update. Hmmm… Weird. If anybody else notices anything like that, please leave a comment.

Given the nature of this hole in IE, you should get this patch as soon as you can.

Microsoft To Plug IE Hole On Thursday….. That Was Fast!

Posted in Commentary with tags , on January 20, 2010 by itnerd

You might want to check Microsoft Update at 1PM EST tomorrow as Microsoft is planning on releasing a patch to that IE hole that I told you about yesterday. The software giant has posted a security note on the subject that has all the details. My advice would be to download the patch as soon as it’s available so that you’re protected.

Now if only Apple moved that fast to fix issues like this.

Google Hack Helped Along By Hole In Internet Explorer… Oh Noes!

Posted in Commentary with tags , on January 19, 2010 by itnerd

If you’re still running Internet Explorer, it may be time for you to switch to something else. Why? It now turns out that Internet Explorer helped to facilitate the attack on Google via a security hole in the browser. Microsoft has posted a security advisory on the issue:

Our investigation so far has shown that Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, and that Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are vulnerable.

However, the advisory goes on to say that they’ve only seen attacks using Internet Explorer 6. Therefore if you’re still running that version, you might want to upgrade to Internet Explorer 8 to protect yourself. That’s what France and Germany are suggesting that you do. Or you could just switch to Firefox or Chrome as the same security holes exist in IE 7 and 8. That means that attacks may appear for those browsers as well.

Let’s hope that a patch for this appears quickly as this isn’t a good situation.

Microsoft Wants To Allow Browser Choice For EU Version Of Windows 7

Posted in Commentary with tags , , on July 24, 2009 by itnerd

Typically I am not a fan of Microsoft, but I have to give them points for this. Microsoft has basically relented to European Union antitrust regulators who accused Ballmer and company of “monopoly abuse” due to the fact that they essentially force users into Internet Explorer as their main browser when a Microsoft OS is installed. According to this story, Microsoft Windows 7 will offer users a choice of IE as well as any other browser a computer company sees fit to install. It will also give the user the option to disable IE entirely. That’s a good way of doing it as it truly gives end users a choice.

Hopefully the EU goes for this as I think it’s a great solution. Then once they’re done with Microsoft, perhaps they should look at Apple. After all, I don’t see them including anything but Safari on their systems.

IE8 = The End Of The Internet?

Posted in Commentary with tags , , on March 19, 2009 by itnerd

If you want to see something funny, try doing this:

  1. Go to Google and do a search for “ie8”
  2. Look at the second result. Notice anything weird?

Here’s a picture:


Internet Explorer 8 Hits The Streets [UPDATED]

Posted in Commentary with tags , on March 19, 2009 by itnerd

Microsoft has posted Internet Explorer 8 on its website for those who want to update to the latest and greatest web browser from the evil empire. Although the fact that it was hacked shortly before its release may have you thinking if you want to run at all in the short term until some patches appear. But if it were up to Microsoft, their public relations sock puppets people would have you focus on the following:

In response to extensive customer research and input from tens of millions of customer sessions, Microsoft developed Internet Explorer 8 to focus on what matters most to people. The security enhancements offer protection against existing and emerging security threats online. It blocks two to four times more malware attacks than other browsers; cuts down on the time it takes to complete common tasks on the Web such as searching, mapping and sharing, including navigating 15 of the 20 top worldwide sites; and blurs the lines between the services they use daily and the browser used to access the Internet.

That seems to be validated by at least one reviewer who says that:

This latest version of Microsoft’s browser leapfrogs its closest competition, Firefox 3, for basic browsing and productivity features — it has better tab handling, a niftier search bar, a more useful address bar, and new tools that deliver information directly from other Web pages and services. IE8 has also been tweaked for security and includes a so-called “porn mode,” new anti-malware protection, and better ways to protect your privacy.

Hey, I’m all for things that make my life easier. Plus the “porn mode” is a handy thing to keep the missus from finding out about your love for

In any case, now that IE 8 is out I can now say “Let the browser wars begin!”

UPDATE: The Washington Post has a different view of Internet Explorer 8.

Pwn2Own Hacking Contest Proves Absolutely Nothing Is Safe

Posted in Commentary with tags , , , , , on March 19, 2009 by itnerd

It’s day one at the CanSec Pwn2Own hacking contest and the big boys are falling like stock prices on Wall St. Microsoft took the biggest hit of the day when a Sony Vaio running Windows 7 and the allegedly unhackable Internet Explorer 8 were hacked by a hacker named “Nils” who gets to keep the Sony Vaio as well as pocketing $5000 in cash.

You can expect that Microsoft CEO Steve Ballmer is regretting that he said that Internet Explorer 8 had  “protection that no other browser can match.” Of course the fact that IE 8 got hacked right before it was to be released to the public isn’t good either.

“Nils” later went on to hack Safari (Although he wasn’t the first to do that… More on that in a second) and Firefox later in the day earning mad props from those in attendance. The first person to hack Safari however was Charlie Miller who has “Pwned” Apple in the past. He hacked Safari and took over the Macbook that it was running on seconds into the competition to net him both the Macbook and $10000 cash.

You can bet that “The Steve” is somewhere saying “Curses! Pwned again!”

All the participants who successfully hack something have to sign NDA’s so that the companies who get “Pwned” can fix the issues before exploits appear. So you can expect to see a flurry of patches and updates hitting the streets shortly. Oh and by the way, Windows Mobile, Android, Symbian, iPhone and BlackBerry smart phones are all on the table as hacking targets. So you can expect the fun to continue for the next few days.