Wednesday, December 17, 2008

Critical Internet Explorer Flaw Discovered

There are many reasons why I recommend that friends switch from Internet Explorer to an alternative browsers like Safari, Firefox, or Chrome. But the most prominent has to be the ongoing litany of security failures seen in Microsoft's flagship internet product. Consider this new vulnerability reported yesterday, which allows an attacker to run arbitrary code on the target system. (i.e. An attacker can download a program to your computer and run it.) That such a vulnerability exists is not itself noteworthy. What is unique is this blurb from the alert.

The vulnerability is confirmed in Internet Explorer 7 on a fully patched Windows XP SP3 and in Internet Explorer 6 on a fully patched Windows XP SP2, and reported in Internet Explorer 5.01 SP4. Other versions may also be affected.
This means the vulnerability is in every supported version of Internet Explorer including the most recent builds running on Vista. Most flaws of this type are specific to a given version, introduced by some well-meaning developer. This one was missed back since at least Exporer 5.

For your own safety, please choose an alternative browser today.

Update 3:05 PM EST: Microsoft has apparently issued a patch to address the vulnerability. I'm staying on Firefox and Chrome for a while myself. Safari on my Mac.

No comments: