01.25.10

Gemini version available ♊︎

Internet Explorer Still Not Secure, Still Standards-hostile, and Still Giving the NHS a Headache

Posted in Asia, Google, Microsoft, Security, Standard, Windows at 12:24 pm by Dr. Roy Schestowitz


Yorkshire air ambulance (NHS)

Summary: Internet Explorer mayday is still here, SVG is still not supported, and British taxpayers pay the price (or pay with their lives)

GOOGLE has issued a challenge to China, removing some censorship in the process (and getting some praise or flak for it). Totalitarians’ sympathiser, Microsoft, says it will carry on censoring results for the suppressive regime, which it later denies because it does not want the public to know (bad for PR). We wrote about this before and provided extensive evidence.

Using a new product, Microsoft helps manipulate search engines like Google and it is curious because Google’s China attacks were caused by Internet Explorer [1, 2, 3, 4, 5, 6, 7, 8, 9, 10] (and more specifically, Microsoft’s negligence [1, 2, 3]). Internet Explorer is still not secure. From the news:

A renowned security research company has revealed that it has managed to discover yet another set to vulnerabilities in Internet Explorer, Microsoft’s web browser, a mere day after the company patched the browser after a high-profile and highly-publicized attack on Google in China.

There was also a vulnerability disclosed a day after Microsoft had released patches. How about the vulnerability that’s 17 years old? Among the news coverage we have:

  1. Microsoft investigates 17-year-old Windows flaw
  2. Microsoft warns of flaw in 32-bit Windows kernel
  3. Microsoft confirms 17-year-old Windows vulnerability
  4. Microsoft confirms low-risk zero-day in Windows kernel
  5. Microsoft: Identifies 17-Year-Old Bug in Windows – It’s about time
  6. 17-year-old Microsoft flaw affects Windows 7
  7. Microsoft Warns About 17-Year-Old Windows Bug
  8. Microsoft investigating ZeroDay impacting Windows NT Kernel

On the heels of Microsoft announcing an out-of-cycle patch for the ZeroDay vulnerability in Internet Explorer, researcher Travis Ormandy has released details on another ZeroDay that exists in the Windows NT Kernel on every system version from Windows NT 3.1 to Windows 7.

This is confirmed by Microsoft itself by the way.

The NHS, which is a Windows shop for the most part [1, 2, 3, 4, 5], should already abandon Windows or at least abandon Internet Explorer.

Why the NHS can’t get its browser act together

[...]

Don’t worry, said Microsoft a few days ago: the zero-day vulnerability that Chinese hackers exploited to infiltrate Google’s network only affects Internet Explorer 6 (released in 2000) running on Windows XP (released in 2001).

The implication being that nobody uses that still, do they? Ed Bott, who has forgotten more about Microsoft than many people know, says in a vehement blogpost at ZDNet that:

“Any IT professional who is still allowing IE6 to be used in a corporate setting is guilty of malpractice. Think that judgment is too harsh? Ask the security experts at Google, Adobe, and dozens of other large corporations that are cleaning up the mess from a wave of targeted attacks that allowed source code and confidential data to fall into the hands of well-organized intruders. The entry point? According to Microsoft, it’s IE6.”

Ed Bott is a Microsoft-bribed mouthpiece, so it hardly matters what he says about Microsoft products. He lied about rivals of Internet Explorer a few days ago (by repeating the Microsoft talking points). He is almost ZDNet’s way of advertising Microsoft under the more trustworthy guise of “blogs”.

As an aside, Internet Explorer still does not support SVG, which has been around for ages. There is no reason to believe that this will change, according to this new analysis which says:

As usual, Microsoft’s action drew considerable scrutiny and even skepticism. It’s not hard to find commenters who write about “false marriage”, “damage” and lock-out. The major market reality that has impacted SVG for years is that all major Web browsers support it–except for Microsoft’s Internet Explorer. Numerous projects have decided against SVG in their designs precisely because of this lack.

Initial reaction to Microsoft’s decision has been, in my paraphrase: “Finally! Soon IE will support SVG, and we can get back to our programming.” I’m unconvinced — but also unsure that it matters.

There’s no guarantee that Microsoft will ever upgrade IE again, let alone that it’ll include SVG. Even if it does, it’ll be many years before use of earlier versions (IE 5, 6, 7, and 8, for example) falls below whatever threshold decision-makers decide should apply.

We wrote about this in:

Internet Explorer should just be removed from the Internet. It was only put on the Internet in order to sell Windows, Office and along with them substitutes to standards like SVG, so it’s not just simply a Web browser.

“In one piece of mail people were suggesting that Office had to work equally well with all browsers and that we shouldn’t force Office users to use our browser. This Is wrong and I wanted to correct this.

“Another suggestion In this mail was that we can’t make our own unilateral extensions to HTML I was going to say this was wrong and correct this also.”

Bill Gates [PDF]

Share in other sites/networks: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Reddit
  • email

Decor ᶃ Gemini Space

Below is a Web proxy. We recommend getting a Gemini client/browser.

Black/white/grey bullet button This post is also available in Gemini over at this address (requires a Gemini client/browser to open).

Decor ✐ Cross-references

Black/white/grey bullet button Pages that cross-reference this one, if any exist, are listed below or will be listed below over time.

Decor ▢ Respond and Discuss

Black/white/grey bullet button If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

A Single Comment

  1. Yuhong Bao said,

    February 2, 2010 at 9:23 pm

    Gravatar

    “How about the vulnerability that’s 17 years old? ”
    AFRIK that is because it is a bug in the NT kernel support for V86 mode used by NTVDM to run DOS apps.

DecorWhat Else is New


  1. Links 26/10/2021: SUSE Linux Enterprise Micro 5.1 and Multi-Distro Benchmarks

    Links for the day



  2. Links 26/10/2021: Vulkan 1.1 Conformance for Raspberry Pi 4 and Tor Browser 10.5.10

    Links for the day



  3. [Meme] Sounds Legit

    When not cheating on the wife, the EPO‘s “doyen” cheats in the exams and makes it into the epi Council, in effect working “[t]owards a common understanding [sic] of quality” with “patent attorneys nominated as “assessors” by the EPO, epi and BusinessEurope” (notorious lobbyists for dictators, litigation, and monopolies, neither business nor science)



  4. [Meme] Mayoral Patent Office Chief

    As it turns out, political 'double-dipping' isn't just a thing in North Macedonia, Austria, and EPOnia



  5. Romania's Patent Office (OSIM): Nine Different Chiefs in Just Eight Years

    The Romanian State Office for Inventions and Trademarks (OSIM), being the equivalent of the U.S. Patent and Trademark Office (USPTO) in the sense that it covers both patents and trademarks, is a very flaky institution with no shortage of scandals; for our English-reading audiences we now have a summary of a decade’s worth of blunders and leadership changes



  6. The EPO’s Overseer/Overseen Collusion — Part XXIV: The Balkan League - Romania

    Romania’s patent office has been in flux this past decade, occasionally led by people with no relevant experience, but rather political connections (like EPO President António Campinos) and sometimes forged documents and fake degrees



  7. IRC Proceedings: Monday, October 25, 2021

    IRC logs for Monday, October 25, 2021



  8. [Meme] “Social Democracy” at the EPO

    Some comments on the current situation at the European Patent Office from Goran Gerasimovski, the new EPO Administrative Council delegate for North Macedonia and Social Democratic candidate for mayor of Centar (a municipality of Skopje)



  9. [Meme] António Campinos Visits the OSIM

    António Campinos visits OSIM Director-General Ionel Muscalu in February 2014



  10. [Meme] [Teaser] Meet the President

    Later today we shall see what Romania did for Battistelli



  11. Links 26/10/2021: Latte Dock 0.10.3 and Linux 5.15 RC7

    Links for the day



  12. Gemini Protocol's Originator: “I Continue to Care About This Project and I Care About the Community That Has Formed Around It.”

    'Solderpunk' is back from a long hiatus; this bodes well for Geminispace, which grew fast in spite of the conspicuous absence



  13. Bulgarian Like Bavarian Serfdom

    Bulgarian politics seem to have played a big role in selecting chiefs and delegates who backed Benoît Battistelli‘s unlawful proposals, which treat workers almost like slaves and ordinary citizens as disposable ‘collaterals’



  14. The EPO’s Overseer/Overseen Collusion — Part XXIII: The Balkan League - Bulgaria

    Today we examine the role of Bulgaria in Benoît Battistelli‘s liberticidal regime at the EPO (as well as under António Campinos, from 2018 to present) with particular focus on political machinations



  15. Links 25/10/2021: New Slackware64-current and a Look at Ubuntu Budgie

    Links for the day



  16. Links 25/10/2021: pg_statement_rollback 1.3 and Lots of Patent Catchup

    Links for the day



  17. Microsoft GitHub Exposé — Part III — A Story of Plagiarism and Likely Securities Fraud

    Today we tread slowly and take another step ahead, revealing the nature of only some among many problems that GitHub and Microsoft are hiding from the general public (to the point of spiking media reports)



  18. [Meme] [Teaser] Oligarchs-Controlled Patent Offices With Media Connections That Cover Up Corruption

    As we shall see later today, the ‘underworld’ in Bulgaria played a role or pulled the strings of politically-appointed administrators who guarded Benoît Battistelli‘s liberticidal regime at the EPO



  19. IRC Proceedings: Sunday, October 24, 2021

    IRC logs for Sunday, October 24, 2021



  20. Links 25/10/2021: EasyOS 3.1 and Bareflank 3.0

    Links for the day



  21. The Demolition of the EPO Was Made Possible With Assistance From Countries That Barely Have European Patents

    The legal basis of today's EPO has been crushed; a lot of this was made possible by countries with barely any stakes in the outcome



  22. The EPO’s Overseer/Overseen Collusion — Part XXII: The Balkan League - North Macedonia and Albania

    We continue to look at Benoît Battistelli‘s enablers at the EPO



  23. Links 24/10/2021: GPS Daemon (GPSD) Bug and Lots of Openwashing

    Links for the day



  24. Links 24/10/2021: XWayland 21.1.3 and Ubuntu Linux 22.04 LTS Daily Build

    Links for the day



  25. IRC Proceedings: Saturday, October 23, 2021

    IRC logs for Saturday, October 23, 2021



  26. Links 24/10/2021: Ceph Boss Sage Weil Resigns and Many GPL Enforcement Stories

    Links for the day



  27. GAFAM-Funded NPR Reports That Facebook Let Millions of People Like Trump Flout the So-called Rules. Not Just “a Few”.

    Guest post by Ryan, reprinted with permission



  28. Some Memes About What Croatia Means to the European Patent Office

    Before we proceed to other countries in the region, let’s not forget or let’s immortalise the role played by Croatia in the EPO (memes are memorable)



  29. Gangster Culture in the EPO

    The EPO‘s Administrative Council was gamed by a gangster from Croatia; today we start the segment of the series which deals with the Balkan region



  30. The EPO’s Overseer/Overseen Collusion — Part XXI: The Balkan League – The Doyen and His “Protégée”

    The EPO‘s circle of corruption in the Balkan region will be the focus of today’s (and upcoming) coverage, showing some of the controversial enablers of Benoît Battistelli and António Campinos, two deeply corrupt French officials who rapidly drive the Office into the ground for personal gain (at Europe’s expense!)


RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

Recent Posts