Re: Is MSIE dead as a browser - if Microsoft does not patch it then it is as far as I am concerned!

From: Sandi - Microsoft MVP (sandi_hardmeier_at_mvps.org)
Date: 06/26/04


Date: Sat, 26 Jun 2004 18:19:56 +0800

You're running XP. XP SP2 is not affected by the vulnerability so the
comments you see that the problem 'will not be patched' are obviously
erroneous.

Also, the only reason this problem occurred is because those who are
responsible for the web servers either didn't patch their systems, or
patched and didn't reboot.

-- 
Hyperlinks are used to ensure advice remains current
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org/

BeamGuy wrote:
> I have taken this notice from the http://isc.sans.org/diary.php
> ----
> A large number of web sites, some of them quite popular, were
> compromised earlier this week to distribute malicious code. The
> attacker uploaded a small file with javascript to infected web sites,
> and altered the web server configuration to append the script to all
> files served by the web server. The Storm Center and others are still
> investigating the method used to compromise the servers. Several
> server administrators reported that they were fully patched.
>
> If a user visited an infected site, the javascript delivered by the
> site would instruct the user's browser to download an executable from
> a Russian web site and install it. Different executables were
> observed. These trojan horse programs include keystroke loggers,
> proxy servers and other back doors providing full access to the
> infected system.
>
> The javascript uses a so far unpatched vulnerability in MSIE to
> download and execute the code. No warning will be displayed. The user
> does not have to click on any links. Just visiting an infected site
> will trigger the exploit.
> ----
> Other posters here who claim to know something say that this
> vulnerability will not be patched in MSIE. If so then as far as I can
> tell MSIE is dead as a browser. I cannot afford to use a browser that
> lets any website that I visit download malware and execute it -
> and does not even bother to patch it when the flaw is discovered!
>
> And no - I cannot use a browser with the security setting set to
> maximum either. Thank you very much Microsoft, think of something
> else.
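
The quoted diary entry says the web server configuration was altered to append a script to all files served. As an added example (not part of the original thread or the SANS diary), one way an administrator could check a server for that symptom is to compare the bodies returned for several unrelated URLs and flag a byte-identical tail containing a script tag that sits after the document's closing tag. The function names and sample bodies are constructed for illustration.

```python
import re

SCRIPT_RE = re.compile(rb"<script\b", re.IGNORECASE)
CLOSE_HTML_RE = re.compile(rb"</html\s*>", re.IGNORECASE)

def common_suffix(bodies):
    """Longest byte string that every response body ends with."""
    shortest = min(len(b) for b in bodies)
    n = 0
    while n < shortest and len({b[-1 - n] for b in bodies}) == 1:
        n += 1
    return bodies[0][len(bodies[0]) - n:]

def find_appended_script(responses):
    """Return the shared trailing script block, or None.

    responses maps URL path -> raw body bytes fetched from one server.
    A template footer shared by HTML pages sits before </html>; content
    appended by the server sits after it and also lands on non-HTML files.
    """
    bodies = list(responses.values())
    if len(bodies) < 2:
        return None
    suffix = common_suffix(bodies)
    closes = list(CLOSE_HTML_RE.finditer(suffix))
    after_doc = suffix[closes[-1].end():] if closes else suffix
    match = SCRIPT_RE.search(after_doc)
    return after_doc[match.start():] if match else None

# Constructed sample bodies; FOOTER is a harmless placeholder.
FOOTER = b"<script>/* constructed placeholder */</script>"
PAGE_A = b"<html><body><h1>Home</h1><script>stats()</script></body></html>\n"
PAGE_B = b"<html><body><p>About</p><script>stats()</script></body></html>\n"
CSS = b"body { margin: 0 }\n"
CLEAN = {"/": PAGE_A, "/about": PAGE_B, "/site.css": CSS}
APPENDED = {path: body + FOOTER for path, body in CLEAN.items()}

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("appended", APPENDED)):
        print(name, find_appended_script(sample))
```

Run the comparison on bodies fetched over HTTP rather than on the files on disk, because content appended through server configuration is added at serving time.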

