Re: Spyware and Adware affect every internet user



Fuzzy Logic wrote:

You're wrong, these flaws are getting exploited all day long. This
has actually gone so far that Microsoft declared some of them to be
features.
References?
<http://technet2.microsoft.com/WindowsServer/en/Library/22fffeb1-66a3-4d5c-bc12-def57c3354fa1033.mspx>

I was referring to the flaws that are getting 'exploited all day long'.

This is one.

While this is true, our locked-down configuration of IE has emerged unscathed.

Nah, you just didn't meet the right exploits yet.

For any real web browser you can assume that it can't be exploitable
until some vulnerability becomes public, and even then you can already
have the workaround in place, having set up some configuration to limit
the impact or not being vulnerable due to hardening.

That's the current situation for us with IE.

Wrong, as for some (even critical) vulnerabilities there is no such
thing as a safe configuration or workaround.

BTW, you think misusing IE as a web browser is a credible state?