Microsoft rushes to fix browser after attacks; no fix for XP users

page: 1
9
<<   2  3  4 >>

log in

join

posted on Apr, 29 2014 @ 02:15 AM
link   



(Reuters) - Microsoft Corp is rushing to fix a bug in its widely used Internet Explorer web browser after a computer security firm disclosed the flaw over the weekend, saying hackers have already exploited it in attacks on some U.S. companies.

PCs running Windows XP will not receive any updates fixing that bug when they are released, however, because Microsoft stopped supporting the 13-year-old operating system earlier this month. Security firms estimate that between 15 and 25 percent of the world's PCs still run Windows XP.

Microsoft disclosed on Saturday its plans to fix the bug in an advisory to its customers posted on its security website, which it said is present in Internet Explorer versions 6 to 11.

Microsoft rushes to fix browser after attacks; no fix for XP users

So, what have we here?

I read a similar news story in my local newspaper (De Telegraaf, Dutch) about this issue, in which it is stated that the US and UK governments are the source for this alarming announcement. That immediately raised some red flags for me, because I would think Microsoft would be the one to announce these sort of issues.

The press release quoted above by Reuters doesn't mention this at all, and indeed makes it look like it was announced by Microsoft.

However, I think it's a very convenient time to announce that virtually all Internet Explorer version still in use (6 to 11) are vulnerable.


Still, he [Aviv Raff, chief technology officer of cybersecurity firm Seculert, ed.] cautioned that Windows XP users will not benefit from that update since Microsoft has just halted support for that product.

The software maker said in a statement to Reuters that it advises Windows XP users to upgrade to one of two most recently versions of its operating system, Windows 7 or 8.
(Emphasis added by me)

Now we get to the meat of the article and what, in my opinion, is the real reason for this announcement: to scare users of Windows XP into upgrading to Windows 7 or 8 and squeezing some more money from their mostly empty pockets.

If this "security leak" was real, then the best advice would be to switch to another browser, independent of your Windows version. I really think this is a scam; that the security risk is either intentional or non-existent and that Microsoft is using its power to extort people into buying new products.

I've tried searching the Microsoft website for more technical information about this security leak, but I couldn't find anything about it. However, the FireEye website has a detailed page on the exploit, which you can find here. (Thanks to BuzzCory for the link)

edit on 29/4/2014 by RationalDespair because: Added link to FireEye website
edit on 29/4/2014 by RationalDespair because: (no reason given)




posted on Apr, 29 2014 @ 02:36 AM
link   

originally posted by: RationalDespair


I've tried searching the Microsoft website for more technical information about this security leak, but I couldn't find anything about it...



FireEye.Com has a page about this exploit, giving an explanation of how it works.

And there is a fix for XP users: stop using the POS Internet Explorer browser. According to what I've been reading, the exploit doesn't work on Chrome, FireFox, or Safari. Seriously, though, I'm wondering if MS won't have a patch on their site soon, either one for all IE versions, or specific patches for each version, that could be downloaded & applied even by XP users.

While I can accept that there won't be any automatic updates for XP, as support has expired, it would be petty of MS not to offer a patch on their site for earlier versions of their security hole that poses as a browser.
edit on Tue Apr 29 2014 by DontTreadOnMe because: fixed code



posted on Apr, 29 2014 @ 02:41 AM
link   
a reply to: BuzzCory

Thanks a lot for that link. I will take a look and maybe incorporate some of it into the OP.



posted on Apr, 29 2014 @ 02:41 AM
link   
Why is it that IE always seems to be the most sieve like, leaky insecure browser ever?
If I cast my mind back I seem to remember every so often another story would appear about how IE is a huge security issue, which is then "fixed". But the fact that this is present in all from 6 -11 is worrying, especially when you consider how long IE has been in existence, it begs the question; Why wasn't is spotted sooner?



posted on Apr, 29 2014 @ 02:44 AM
link   
a reply to: RationalDespair

Huh, so what? Upgrade to Mint Linux and forget Microsoft. Simplest solution I can think of.

Mint Linux



posted on Apr, 29 2014 @ 02:49 AM
link   
The people who write anti-virus software are the same people writing the viruses.

Microsoft is force-feeding their products to us now. XP users are screwed. No choice but to buy the new one.

Planned obsolescence on crack.



posted on Apr, 29 2014 @ 02:52 AM
link   
a reply to: Bassago

I agree, I use Linux at home as well, but that is beside the point of the OP. It is estimated that around 26% of the PCs in the world still use Windows XP.



posted on Apr, 29 2014 @ 02:58 AM
link   
a reply to: RationalDespair
There's really no good reason to use internet exploder, I mean explorer (IE). It's long been considered one of the most vulnerable browsers.

Out of the over a thousand (I haven't been counting, could be over 100,000 for all I know) websites I've tried, I've only found a handful so far that won't work right with anything but IE, and one of them was the windows update site. They use activeX controls which themselves seem to pose a security risk, and I do everything I can to avoid using such sites and IE, but if you do switch to another browser, keep in mind that you may still have to use IE on a few sites that use ActiveX controls.

Personally, I think Google is too "big-brotherish" already so I try to avoid Chrome for that reason, but Firefox is pretty decent if you want to use something other than IE so you can avoid these IE security issues
edit on 29-4-2014 by Arbitrageur because: clarification



posted on Apr, 29 2014 @ 03:04 AM
link   
Gimme a break....

Tell me it isn't very convenient that RIGHT after XP goes on the DO NOT SUPPORT list there is all of the sudden a security breach.

Ill bet you dollars to donuts that the vulnerability was added in latest IE patch



posted on Apr, 29 2014 @ 03:07 AM
link   
a reply to: Arbitrageur

Thanks for the advice. I already use Linux + Firefox, so I'm not personally affected in any way by the IE shenanigans. I just feel that announcing such a major exploit less than a month after support for Windows XP expired is a bit fishy.



posted on Apr, 29 2014 @ 03:11 AM
link   
a reply to: Zaanny

Yes, exactly my thoughts.



posted on Apr, 29 2014 @ 03:11 AM
link   
More important questions:
WTH are you doing using IE still? At least for the last 10 years it has been a contagion pool for all computer related ailments.
And, WTH are you doing using XP still? Its been like 20 years now and there are far better systems in place.
And, XP is no longer supported, deal with it and change OSs.


This is not directed to the OP, just a generalisation.
edit on 2014u15201404am29 by Yusomad because: add last line



posted on Apr, 29 2014 @ 03:16 AM
link   
a reply to: Bassago

Not everyone can use linux. A whole lot of programs out there don't support linux at all. Leaves a lot of people with no choice but to use windows for the programs they need. I am in that boat, love linux, would have switched over full time to linux a long time ago if not for the programs I need.



posted on Apr, 29 2014 @ 03:17 AM
link   
a reply to: BuzzCory




And there is a fix for XP users: stop using the POS Internet Explorer browser.


Probably the best fix.

IE is just terrible in general.




posted on Apr, 29 2014 @ 03:33 AM
link   
I would wait to hear what MS has to say about all this. As far as i can see there should be nothing stopping XP users from updating their IE like anyone else. This sounds like someone trying to give bad press to MS.



posted on Apr, 29 2014 @ 03:58 AM
link   
or is it more propaganda so people buy a new license ?

i know it sounds scary for most, however it is not :

it's working out of the box for most configuration, it's faster, it's taking less resources from your ram and processor, it doesn't spy on you and it's so much safer virus/worn wise + when they make an update they don't make it sound like they just save your life :

it's called linux,

and the ubuntu distrib built on debian is for the everyday people that just use their computer to browse the web, play some video and do some word/excel job (yes there are plenty of alternate to ms office available they are free, work the same and you can save your files as ms office doc - and better even : make pdf in one click)

just do it now and you'll wondered why you haven't done it before

www.ubuntu.com... (the new LTS -long term service- was just released so you get 5 years service from now on - however the next LTS will be better than the current one so you'll be happy to upgrade - unlike when you change windows which is what it is : a gamble)
edit on 29-4-2014 by anHairInTheSoup because: (no reason given)



posted on Apr, 29 2014 @ 04:01 AM
link   
a reply to: PhoenixOD

Interesting point, however my experience from using Windows and IE at work over the years has taught me some things about Microsoft, one of them being that they are not hesitant to release a patch for IE or any other MS product (non-OS) that will check the OS version and simply won't install if it doesn't match the intended platform, regardless whether it would work or not.



posted on Apr, 29 2014 @ 04:05 AM
link   

originally posted by: TKDRL
a reply to: Bassago

Not everyone can use linux. A whole lot of programs out there don't support linux at all. Leaves a lot of people with no choice but to use windows for the programs they need. I am in that boat, love linux, would have switched over full time to linux a long time ago if not for the programs I need.


that's legend, there is only one in fact and it's photoshop which you can run using a virtual machine (or wine if cs2).

there maybe other very few exception that don't work with wine and that concerns very few people (and they can setup a virtual machine which is a nobrainer)



posted on Apr, 29 2014 @ 04:19 AM
link   
a reply to: anHairInTheSoup

The only problem with linux is that the average joe is unable to make it function properly, I have been using computers since the early eighties and I would not use ubuntu for anything not work related, yes you can run vboxes for win programs, but its not the same. And, if you are a gamer, you can kiss ubuntu goodbye.



posted on Apr, 29 2014 @ 04:41 AM
link   
a reply to: Yusomad

another legend !

ubuntu works out of the box for all the common system, there is nothing to do apart import your bookmarks.

if you're a developper or don't have a common system, you are not a common user and should be able to do a google search to find the fix you'll need.

list of games supported by playOnLinux (it does the wine config for you, you have nothing to do) : www.playonlinux.com... (elder scrolls series, borderlands, they're most of all there)

if you play on steam you'll also see everyday more and more games are supported

then at the worst a virtual machine heavily tweaked (kill all services & listeners not needed to run the game )+ a powerful config + a proper snapshot and the loading will be instantaneous and the game experience may even be better

edit : and i forgot to mention steamOS

SteamOS combines the rock-solid architecture of Linux with a gaming experience built for the big screen.
edit on 29-4-2014 by anHairInTheSoup because: (no reason given)





new topics
top topics
 
9
<<   2  3  4 >>

log in

join