The Register® — Biting the hand that feeds IT

Feeds

Microsoft promises two-step IE fix

Protection first, then an update

By Simon Sharwood, APAC Editor, 19th September 2012
  • print
  • alert

Magic Quadrant for Enterprise Backup/Recovery

Microsoft has promised it will release a fix “in the next few days” to address the recently-identified flaw in Internet Explorer. At the time of writing, it is only possible to work around the bug, or stop using Internet Explorer, if one wishes to avoid the potential effects of attacks exploiting the vulnerability.

In a new TechNet post, Microsoft's Director of Trustworthy Computing Yunsun Wee writes that Redmond will issue a fix he describes as “an easy-to-use, one-click, full-strength solution any Internet Explorer user can install.”

But the fix Redmond issues won't be the end of the matter, as Wee goes on to say “it will provide full protection against this issue until an update is available.”

Which sounds an awful lot like an interim patch, rather than the final and definitive fix.

The sole piece of good news is Wee's statement that the wound in IE isn't being poked at by many attackers. He insists “we have only seen a few attempts to exploit the issue, impacting an extremely limited number of people”. ®

What you need to know about cloud backup

COMMENTS

House Rules Send Corrections
All Reader Comments (13)
Highly Rated
Wild Bill
Reply Icon

Re: Just fix it quick please

RE: Chromium.

Goes to Chromium page -> Clicks link to Windows build -> http://www.chromium.org/developers/how-tos/build-instructions-windows

No thanks. Yes, I could spend the time going through the instructions and feel very satisfied with my new found knowledge and achievements two hours later. Or I could just download another browser, right now.

Is it seriously too much effort for them to put an actual compiled version on their site? Do they want people to use the software? Crazy.

2
0
Grikath

nor is IE a sieve if you kno w what you're doing. It simply is a matter of perspective.

Grikkies' Law: no matter what you do, 1^6 lines of code can never be secure. Best you can do is mitigate the holes that will be there, and get a system in place that plugs them when they're found ASAP in a way that doesn't bollock up the rest of the code.

(people working on [flavour of browser] * [popularity])³ <<<< people trying to find holes in security of code.

Whatever you do, you always lose, and people will be ready with the pitchforks.

2
0
Chris_Maresca
Reply Icon

Re: Just fix it quick please

Er, Chromium?

http://www.chromium.org/Home - Fully open source Google Chrome

http://www.apple.com/safari/ - If you'd like to give your data to Apple...

2
0

More from The Register

Bjarne Again: Hallelujah for C++
Plus: Now officially OK to admit you never used STL algorithms
101
Nuke plants to rely on PDP-11 code UNTIL 2050!
Programmers and their walking sticks converge in Canada
178
Interwebs taunt Sir Jony over Apple eye candy makeover
Hey Ive, Ive... add more unicorns, willya?
79
SCO vs. IBM battle resumes over ownership of Unix
Zombie lawsuit back and wants to suck the brains out of Linux
119
Red Hat to ditch MySQL for MariaDB in RHEL 7
So long, Oracle! Don't let the door hit you on the way out
65
Shy? Socially inadequate? Fiddling with your phone could help
App 'tells the brutal truth' about social inadequates' chatup lines
22
Java EE 7 melds HTML5 with enterprise apps
New release arrives with GlassFish, NetBeans support
12
breaking news
'Office Facebook' firm Tibbr wants you to PAY for mobe-meetings app
Great idea. Punters won't cough for it though
9
breaking news
The only Waze is Google: Ad giant tipped to gobble map app 'for $1.3bn'
Pac-Man-satnav-ish upstart in bidding war with Apple, Facebook
16
breaking news
PM Cameron calls for modern, programmable computers! (We think)
IT education musings to G8 chiefs to mystify IT industry
105