IE users advised to switch over flaw |
Register here for our next TechFlash Live networking event, March 23, featuring an expert panel discussing the future of online advertising.
Today On Techflash
- iPhone app maker finds a buyer in Gist
- Amazon releases Kindle for Mac
- Zillow releases Android app
- Bing Maps shoots for the stars
- UpWind spins ahead with $29M
- Bellevue plans pitch for Google Broadband
- NetMotion files for IPO on Toronto market
- Video: Ballmer's dancing avatar
- Video: Standards support in IE9
- Ignition-backed Sparkplug sells assets
Tech Events
Mass High Tech
IE users advised to switch over flaw
[Update: Microsoft plans to release a patch for the flaw Wednesday morning. Details at the bottom of post.]
Microsoft is offering an elaborate set of workarounds to help Internet Explorer users avoid attacks on an unpatched flaw that surfaced last week. Security researchers and bloggers are offering a different solution: Stop using IE altogether, at least temporarily.
"Switch to another browser, preferably Firefox. This is by far the best option," writes Richard Wray of the Guardian in a post today.
For all of the efforts Microsoft has made to tighten the security of its software, the situation demonstrates the continued potential for vulnerabilities to affect market share. Internet Explorer's problems with spyware helped Firefox gain traction several years ago.
The latest flaw lets hackers attack computers that visit compromised Web sites. It's especially concerning because it's a "zero-day" vulnerability, already being exploited before a fix is available. Microsoft says it's investigating the situation and will take "appropriate action," which could include issuing a patch out of its normal monthly cycle.
"I would advise Windows users to consider browsing the Web with anything other than Internet Explorer, at least until Microsoft issues a patch to fix this vulnerability," wrote Washington Post security blogger Brian Krebs in a post after the flaw came to light last week. "It is not my intention to over-hype the situation, but as we have seen time and again, attackers are usually very quick to take advantage of flaws in IE because the program is the default browser for close to 80 percent of the planet."
Microsoft, meanwhile, seems to be grappling with precisely how to characterize the severity of the situation.
In a post Saturday on the Microsoft Malware Protection Center blog, Ziv Mador and Tareq Saade initially wrote that they saw "a huge increase in the number of reports today compared to yesterday." That language has since been changed to say that they saw "an increase of over 50% in the number of reports today compared to yesterday."
Watch this Microsoft site for ongoing details and updates on the flaw.
Update, 2 p.m.: Microsoft said this afternoon that it will issue a special security patch for the Internet Explorer vulnerability Wednesday morning via Automatic Updates and Microsoft Update. Details on this Microsoft page.
About Todd Bishop
Todd Bishop is co-founder and managing editor of TechFlash. He has covered Microsoft and the technology industry for more than five years, most recently as a daily newspaper reporter and blogger based in Seattle.
READ FULL BIOGRAPHYRecent Sponsor Posts
Technology Tax Planning – Did You Take The Deduction?
Technology companies require professional advisors who can assist in all aspects of the business. The BDO Technology Practice provides a full range of services tailored to help address the changing needs of domestic and international companies. In addition to core audit and tax services, BDO professionals can assist technology companies with:
· Revenue recognition
· Business combination accounting
· R&D tax credits
· Compensation and benefits
· Business valuations
Backed by 38 national offices and an international network in 110 countries, we have the domestic and global footprint to serve growing technology companies. Contact sphilpott@bdo.com (audit partner), mreeves@bdo.com (audit partner), psmith@bdo.com (tax partner), tzambito@bdovaluation.us.com (valuation), tfiscus@bdo.com, Director, 206.624.2020
Join the Microsoft WebsiteSpark program and get software, support and visibility – at no upfront cost. You’ll benefit from fast and easy access to current Microsoft development tools, platform technology and server products including Visual Studio, Expression Studio, Silverlight, Windows Web Server 2008 and SQL Server 2008 Web.
Seattle-based Adhost is a WebsiteSpark hosting partner providing dedicated servers with free Windows Web Server 2008 and SQL Server 2008 licensing for three years to Web developers enrolled in WebsiteSpark. Servers are located in our secure data center with SAS 70 Type II certification, 24x7 technical support and 24x7 client access.
Job Listings
- Senior Software Development Engineer - Application Software - eXtreme Computing - 705794
- Microsoft Corporation
- Software Engineer
- Lockheed Martin
- Senior Staff Engineer - Printer & Scanner
- Intellectual Ventures
- QA Manager - Technical Test Team for an innovative, customer experience software solutions company
- RightNow
- Director, Digital Systems - External - 712211
- Microsoft Corporation
