You don't have to use the Wayback machine to go retro -- just go to work for Google. According to Microsoft, they still use IE 6, a dinosaur of a browser, release in 2001.  (Source: Wikimedia Commons)
Stale software products are endangering users, says Microsoft

It's been over eight years since Internet Explorer 6 was released (August 2001) and over three years since Internet Explorer 7 was released (October 2006). However, many IT departments cling to the stale browsers, rather than upgrading to Internet Explorer 8, which was released last March.  Justifications for not upgrading are diverse and include potential compatibility issues with applications, the cost in manpower hours to switch to the new browser, and the potential expense of buying new tools to manage the newer browser.

Microsoft's General Manager of Trustworthy Computing Security, George Stathakopoulos, has released a new statement which warns information technology departments to change their ways when it comes to the slow pace of browser upgrades, or risk losing valuable company information.  The statement follows on the heels of a successful attack on Google, Adobe, and others, which exploited a memory flaw in Internet Explorer 6 (and potentially IE7) to gain system access.

Writes Microsoft, "That said, we remain vigilant about this threat evolving and want to be sure our customers take appropriate action to protect themselves. That is why we continue to recommend that customers using IE6 or IE7, upgrade to IE8 as soon as possible to benefit from the improved security protections it offers. Customers who are using Windows XP SP2 should be sure to upgrade to both IE8 and enable Data Execution Protection (DEP), or upgrade to Windows XP SP3 which enables DEP by default, as soon as possible. Additionally customers should consider implementing the workarounds and mitigations provided in the Security Advisory."

Microsoft's statement touches on the fact that IT departments also frequently are slow in adopting new operating systems or service packs for similar reasons as the browser reticence -- compatibility, cost, etc.

More interestingly, Microsoft's statements indicate that attack victims Google and Adobe (as well as other undisclosed victims) are using the very outdated Internet Explorer 6.  Writes Microsoft, "In terms of the threat landscape, we are only seeing very limited number of targeted attacks against a small subset of corporations. The attacks that we have seen to date, including public proof-of-concept exploit code, are only effective against Internet Explorer 6. Based on a rigorous analysis of multiple sources, we are not aware of any successful attacks against IE7 and IE8 at this time."

That's somewhat surprising to discover that a cutting edge internet firm like Google still relies heavily on such a stale browser.  Microsoft says that it still does not have a solution to fix the memory flaw in IE6 and IE7.  However, it says that consumers can take comfort in that it is only aware of attacks on commercial users to date.

The company concludes, "In summary, we are not seeing any widespread attacks by any means, and thus far we are not seeing attacks focused on consumers."

"We can't expect users to use common sense. That would eliminate the need for all sorts of legislation, committees, oversight and lawyers." -- Christopher Jennings

Most Popular Articles

Copyright 2018 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki