Microsoft rushes to fix browser after attacks; no fix for XP users

I dunno how I'm gonna sleep tonight ...

http://www.abovetopsecret.com/forum/thread1010094/pg1

I'll probably disable "Automatic Updates". That should do it.

:)

Firefox anyone? Or Chrome perhaps? I think Mozilla and Google should prepare for a big uptick in their server traffic tomorrow. ;)

"IE 6 to 11 accounts for 55% of browser market according to NetMarketShare" - I certainly don't see that reflected in the PC's I see !

And that figure is hugely at odds with the W3Schools stats they have been keeping for more than 10 years.

Figures and stats, who to believe...?

On the date that XP support ended I went into IE and switched it to the 'Work Offline' mode (note that doing so can break some software that relies upon IE for downloading stuff in the background), since I won't have any use for it anymore as I only used it to visit the Microsoft Update site.

I don't know if switching it to 'Work Offline' increases security or not - in my mind it sort of does to a degree even if by a very small amount. It is however an easy way to thwart an annoying behavior when installing or uninstalling software that automatically loads its website in IE with either a welcome/thanks page, or a sorry/why are you leaving us survey page.

Does anyone have a clue when the updates to fix I.E. will be available? I've been doing a Google search every day since Dennis originally posted on this problem. Everyone seems obsessed with the news that there will be no update for XP, but no one is offering a date when the fix will be available for the other versions of Windows.

Some interesting observations here Derek which make sense of your inability to get info on this ...

Now we get to the meat of the article and what, in my opinion, is the real reason for this announcement: to scare users of Windows XP into upgrading to Windows 7 or 8 and squeezing some more money from their mostly empty pockets.

If this “security leak” was real, then the best advice would be to switch to another browser, independent of your Windows version. I really think this is a scam; that the security risk is either intentional or non-existent and that Microsoft is using its power to extort people into buying new products.

I’ve tried searching the Microsoft website for more technical information about this security leak, but I couldn’t find anything about it. However, the FireEye website has a detailed page on the exploit, which you can find here. (Thanks to BuzzCory for the link)

http://www.abovetopsecret.com/forum/thread1010094/pg1

Can this be true?

And who would do such a thing?

And finally (taken from the article) ...

And there is a fix for XP users: stop using the POS Internet Explorer browser

:)

And finally (taken from the article) ...

I stopped using IE in the very early 2000s.

Along with having layered security (anti-virus, anti-malware, firewall) stopping using IE is another key part in helping to avoiding malware.

Interesting how this occurred a mere two weeks after support for XP has ended. And curious how this flaw in Internet Explorer was overlooked for such a long period of time. Remember, I.E.6 through 11 are all supposedly affected, and I.E.6 was released in August 2001! You have to ask yourself, just who is in charge of Quality Control at Microsoft, Rip Van Winkle?

And I don't think that people are upgrading to newer versions of Windows in the numbers that Microsoft has envisioned. You would be surprised at the number of people that have been turning up on the Linux Mint forum in the last two weeks and asking "how do I install Mint to dual boot with Windows XP?". I know that time marches on, but in this case, I think quite a few people are refusing to keep in step.

I.E.6 through 11

I thought that was odd Derek, one of the reasons why I made my post more "tongue in cheek" than a serious warning.

Plus I gave up on IE years ago.

IE is a nightmare, probably a low level problem with Trident that went overlooked until recently. I imagine after Heartbleed, legacy codebases are being examined a bit more thoroughly

An out of band update has been issued today and it includes XP

http://blogs.technet.com/b/msrc/archive/2014/05/01/out-of-band-release-to-address-microsoft-security-advisory-2963983.aspx

At approximately 10 a.m. PDT, we will release an out-of-band security update to address the issue affecting Internet Explorer (IE) that was first discussed in Security Advisory 2963983. This update is fully tested and ready for release for all affected versions of the browser.

We have made the decision to issue a security update for Windows XP users.

Way to stick to your guns, Microsoft :lol:

Thanks for the info MikeW about there being an update available.

After a short-filled resuscitation Microsoft stabs XP again -- "end of life".

I guess the bug is so severe MS gave in to pressure. But how many times will MS do this again ?

I guess the bug is so severe MS gave in to pressure. But how many times will MS do this again ?

Until Financial institutions block XP from on-line transactions they will have to overwhelm MS with pressure to reduce danger.

Even a small percentage of customers with XP computers is a large number of customers to alienate.

- One also should keep in mind that the bug concerns IE and not XP. Although IE 6,7 & 8 work "hand in glove" with the XP OS. I guess MS now will double its efforts to push users to start using (at least) Vista or newer. That begs the question: With what IE was Vista shipped ? (IE 6, 7 or 8 ???).

- Perhaps will reluctantly issue security updates for XP until MS no longer supports MS Security Essentials ........

- Issueing an update for their professional clients also means that it's relatively easy to issue updates for home users.

In other words, A LOT OF questions and no good answers. Or only MS knows .........

With thousands and thousands of lines of code in operating systems and also in browsers, it's hardly surprising that these things happen.

I don't believe that any browser is better than any other at being perfect.

Next week it'll be another alert for something else.

That's computer life.

With thousands and thousands of lines of code in operating systems and also in browsers, it's hardly surprising that these things happen.

I don't believe that any browser is better than any other at being perfect.

Next week it'll be another alert for something else.

That's computer life.

I couldn't agree with you more Hazel

I guess MS now will double its efforts to push users to start using (at least) Vista or newer.

From what I've read online they're pushing for users to upgrade to at least Win7, everything I've seen mentions to upgrade to Win7 or Win8.x.