Print 16 comment(s) - last by ipay.. on Jan 19 at 2:24 PM

You don't have to use the Wayback machine to go retro -- just go to work for Google. According to Microsoft, they still use IE 6, a dinosaur of a browser, release in 2001.  (Source: Wikimedia Commons)
Stale software products are endangering users, says Microsoft

It's been over eight years since Internet Explorer 6 was released (August 2001) and over three years since Internet Explorer 7 was released (October 2006). However, many IT departments cling to the stale browsers, rather than upgrading to Internet Explorer 8, which was released last March.  Justifications for not upgrading are diverse and include potential compatibility issues with applications, the cost in manpower hours to switch to the new browser, and the potential expense of buying new tools to manage the newer browser.

Microsoft's General Manager of Trustworthy Computing Security, George Stathakopoulos, has released a new statement which warns information technology departments to change their ways when it comes to the slow pace of browser upgrades, or risk losing valuable company information.  The statement follows on the heels of a successful attack on Google, Adobe, and others, which exploited a memory flaw in Internet Explorer 6 (and potentially IE7) to gain system access.

Writes Microsoft, "That said, we remain vigilant about this threat evolving and want to be sure our customers take appropriate action to protect themselves. That is why we continue to recommend that customers using IE6 or IE7, upgrade to IE8 as soon as possible to benefit from the improved security protections it offers. Customers who are using Windows XP SP2 should be sure to upgrade to both IE8 and enable Data Execution Protection (DEP), or upgrade to Windows XP SP3 which enables DEP by default, as soon as possible. Additionally customers should consider implementing the workarounds and mitigations provided in the Security Advisory."

Microsoft's statement touches on the fact that IT departments also frequently are slow in adopting new operating systems or service packs for similar reasons as the browser reticence -- compatibility, cost, etc.

More interestingly, Microsoft's statements indicate that attack victims Google and Adobe (as well as other undisclosed victims) are using the very outdated Internet Explorer 6.  Writes Microsoft, "In terms of the threat landscape, we are only seeing very limited number of targeted attacks against a small subset of corporations. The attacks that we have seen to date, including public proof-of-concept exploit code, are only effective against Internet Explorer 6. Based on a rigorous analysis of multiple sources, we are not aware of any successful attacks against IE7 and IE8 at this time."

That's somewhat surprising to discover that a cutting edge internet firm like Google still relies heavily on such a stale browser.  Microsoft says that it still does not have a solution to fix the memory flaw in IE6 and IE7.  However, it says that consumers can take comfort in that it is only aware of attacks on commercial users to date.

The company concludes, "In summary, we are not seeing any widespread attacks by any means, and thus far we are not seeing attacks focused on consumers."

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Discongruities?
By JasonMick on 1/18/2010 9:41:20 AM , Rating: 2
I meant fix in the context of a patch/true fix. The flaw exists in IE7, but assuming you use DEP memory protections, it can't be exploited effectively.

DEP is enabled optionally in IE7, but is not a true "fix".

DEP is enabled by default in IE8, but it is also vulnerable to the flaw, if you turned it off for some reason.

RE: Discongruities?
By quiksilvr on 1/18/2010 12:28:21 PM , Rating: 3
How about fixing the title?

Instead of:
Microsoft Warns That Google, Adobe, and Others Still Use IE6/IE7 Are at Risk

Why not:
Microsoft Warns IE6/IE7 Users are at Risk

If you really want to use Google and Adobe in the title, how about:
Microsoft Warns People that Use IE6/IE7 for Google and Adobe are at Risk

RE: Discongruities?
By ipay on 1/18/2010 1:30:13 PM , Rating: 5
Changing "Use" to "Using" will allow the title to make sense. You'd swear some of these DailyTech writers don't proofread their work...


"A lot of people pay zero for the cellphone ... That's what it's worth." -- Apple Chief Operating Officer Timothy Cook

Most Popular Articles5 Cases for iPhone 7 and 7 iPhone Plus
September 18, 2016, 10:08 AM
No More Turtlenecks - Try Snakables
September 19, 2016, 7:44 AM
ADHD Diagnosis and Treatment in Children: Problem or Paranoia?
September 19, 2016, 5:30 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM
Automaker Porsche may expand range of Panamera Coupe design.
September 18, 2016, 11:00 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki