
Sunday, January 24, 2010

Micro$oft Internet Explorer, eh? Eat shit!

A couple of days ago we wrote that the German Federal Office for Security in Information Technology advised German citizens to switch from Internet Explorer (regardless of the version they use) to an alternative browser for security reasons.

Now, the French government has issued a similar advisory, pointing out that Internet Explorer 6, 7 and 8 all share a similar vulnerability, which allows malicious hackers to remotely execute arbitrary code.

The fix? CERTA (Centre d’Expertise Gouvernemental de Réponse et de Traitement des Attaques informatique) proposes a switch to an alternative browser.

This is another serious hit for the world’s most dominant web browser, but also one that’s been losing its market share in the last couple of years. Alternative browsers — Firefox, Opera, Safari and others — may not have a perfect security record, but all of them have always been perceived as safer alternatives. This latest vulnerability, discovered after the cyber attacks on Google, does nothing to change that notion.

Read the original article here.

Microsoft's Head of Security and Privacy in the UK has told TechRadar that people who jump ship from Internet Explorer after the recent spate of bad headlines risk ending up on a less secure browser.

With France and Germany both advising a move away from Internet Explorer, things are far from rosy for Microsoft's browser, and although the vulnerability has only been used against IE6, the company has not ruled out that something similar could be used against the later versions.

With Microsoft not prepared to give details of how soon a fix will be released, and advising people to leave the appalling IE6 and its successor for the latest version – IE8 – Microsoft's UK security chief Cliff Evans insists that a non-Microsoft browser is the worse option.

Read the rest here.

Microsoft has issued an Advanced Notification for the out-of-band security bulletin it is releasing tomorrow for Internet Explorer at approximately 10 am PST. The patch will fix vulnerabilities in IE6, IE7, and IE8 on supported editions of Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2—vulnerabilities notably exploited in the recent series of Chinese-based attacks against Google and 30 other tech companies.

Microsoft has previously insisted that the publicly posted exploit code only affects IE6 and as such recommended its users to upgrade. While the software giant says the attacks it sees in the wild are still only successful against IE6, Redmond has rated the flaw "Critical" for all versions of the browser.

Read the rest here.

In a few words, JUST IN CASE that thing you claim to have inside your head and call a brain manages to grasp it:
Micro$oft made a shitty mess of things for the umpteenth time with Internet Explorer, and at first tried to pin it on others or even on older versions of its own products. At the same time it insists, even though the opposite is being proven for the umpteenth time, that Internet Explorer counts as software simply because Micro$oft says so.

But since we are talking about the ultimate in boorishness from a company, here is one more piece of proof:
Reports have surfaced about a new security hole that has been in Windows since the release of Windows NT 3.1 on July 27, 1993. The vulnerability is present in all 32-bit versions of Windows released since then, including all supported versions: Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7. Microsoft has issued Security Advisory (979682) to address the elevation of privilege vulnerability in the Windows kernel, making sure to note that 64-bit versions of Windows, including Windows Server 2008 R2, are not affected.

Thankfully, the flaw isn't in a commonly used application but in the Virtual DOS Machine (VDM) used to support 16-bit applications. There are several vulnerabilities in this implementation, according to Google security team member Tavis Ormandy, who found the issues.

An unprivileged 16-bit program can manipulate the kernel stack of each process, potentially enabling attackers to execute code at system privilege level. The exploit can be used to open a command prompt with the highest privilege level.

Ormandy claims he informed Microsoft of this hole on June 12, 2009, and the company confirmed receiving his report 10 days later, but it has yet to fix the issue.

Read the rest here.

YES, you read that right. A security problem in Windows since 1993 that they have STILL NOT fixed and that applies to almost ALL Windows products. YES, in Windows 7 too, you ANIMALS!!! As we said: Windows 7 = Windows Vista Service Pack. Blowhards!

A reliable company, I can't deny it. Terribly reliable. Enjoy it!
