INTERNET EXPLORER is under attack [1, 2, 3, 4, 5, 6, 7]. Microsoft calls it an "emergency", but the emergency is that Microsoft is losing market share, not that customers are at risk. Microsoft had publicly belittled this issue... until governments started to speak out and complain.
German government IE warning leads to spike in Firefox downloads
Following a warning last Friday from the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI) concerning the security hole in Internet Explorer (IE), Mozilla has said that it has recorded a "huge increase" in the number of Firefox downloads in Germany. According to a post by Mozilla's Ken Kovash on the Mozilla Blog of Metrics, more than 300,000 downloads of the open source browser took place during the recent Friday to Monday period. Similarly, Opera also reportedly saw downloads of its browser in Germany more than double.
Microsoft will release an emergency update that patches the Internet Explorer vulnerability used to breach the security defenses of Google and other large companies.
Microsoft is now promising us that they'll have a patch for the latest IE security hole ... real soon now. So what? This problem, while it's been exploited the most in IE 6, it exists in all modern versions of IE and it can be exploited in every version of Windows from Windows 2000 to Windows 7. And, I'm supposed to trust that Microsoft will 'patch' it right this time and that it won't blow up on me again? I don't think so.
With world governments advising citizens to switch from Internet Explorer to alternative browsers, and an unpatched security hole in at least two major versions of Internet Explorer, Microsoft has to do something to restore faith in its browser. Easiest way to do it, apparently, is by saying that other browsers are even worse than IE.
Last week, David Coursey reported that Microsoft entertainment and devices boss Robbie Bach made the prediction in an analyst briefing that Linux on mobile will lose. Why? It’s choice is a bad thing for customers and that there is too much Linux in the mobile marketplace
Windows plagued by 17-year-old privilege escalation bug
A security researcher at Google is recommending computer users make several configuration changes to protect themselves against a previously unknown vulnerability that allows untrusted users to take complete control of systems running most versions of Microsoft Windows.
--Brian Valentine, Microsoft executive
Comments
subsonica
2010-01-21 00:25:16
http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072549.html
there is something fundamentally wrong with Windows security design. Windows was never meant nor actually prepared to be multiuser or networked. Back in the days, Microsoft simply took MS-DOS + LAN MANAGER and glued to it a ripoff of the Digital VMS model of user security, copied the HPFS filesystem from OS2 (shafting IBM in the process) and called it NTFS, then added the Netware and BSD TCP/IP stack into the mix, called it "Windows NT" and they have just kept patching that model up to the current offerings, adding an E+E+E'ed version of LDAP called "Active Directory" on top of it from Windows 2000 on. Every day that passes, keeping relying on this windows model for your data, services and applications is becoming more and more an irresponsability.
Dennis Murczak
2010-01-21 18:45:34
They should have stopped slapping new features onto a rotten legacy architecture years ago; now they are paying the bill. Not to mention that the only market in which they don't have to compete is shrinking.