403 Forbidden


nginx
403 Forbidden

403 Forbidden


nginx
Follow us:
403 Forbidden

403 Forbidden


nginx

Microsoft Pri0

Welcome to Microsoft Pri0: That's Microspeak for top priority, and that's the news and observations you'll find here from Seattle Times technology reporter Matt Day.

December 16, 2008 at 9:59 AM

Unpatched flaw in Internet Explorer prompts calls to change browsers until fix issued

The BBC and others are reporting today on a security vulnerability in Internet Explorer 7 — though earlier versions of the Microsoft Web browser also have the same flaw — that has yet to be patched. Microsoft has been working on it since at least Wednesday, when it published a security bulletin explaining the flaw.

Update, 12:40 p.m.: Microsoft says it has a security update for this vulnerability. It will be released Wednesday morning at 10 a.m. via Automatic Updates and Microsoft Update. More after the jump.

The BBC cites security experts who are advising users of IE to switch to another browser, such as Firefox or Safari, until the flaw is corrected.

“If users can find an alternative browser, then that’s good mitigation against the threat,” Rick Ferguson, senior security advisor at Trend Micro, told the BBC.

If people follow this advice, it could be an additional blow to Microsoft, which has watched its once dominant share of the browser market erode in recent years. As recently as 2004, Internet Explorer had more than 90 percent of the browser market. In summer, IE’s market share was 73 percent, Firefox had 19 percent and Apple’s Safari had 6 percent, according to Net Applications.

According to a Microsoft blog post last week, there were still “limited attacks seeking to load malicious software on vulnerable systems.”

Microsoft is “actively investigating the vulnerability that these attacks attempt to exploit” and suggests a number of workarounds and suggestions for minimizing the vulnerability at its security Web page.

Update, 12:40 p.m.: Microsoft is calling its response to the threat “unprecedented.” “Microsoft immediately mobilized security engineering teams worldwide to develop, test and deliver a security update of appropriate quality for worldwide distribution in the unprecedented time of eight day,” the company said in a statement.

Click here for more details on the fix and two Web casts the company has planned for Wednesday and Thursday to answer questions on the topic.

Comments | More in Internet Explorer, Security & privacy

COMMENTS

No personal attacks or insults, no hate speech, no profanity. Please keep the conversation civil and help us moderate this thread by reporting any abuse. See our Commenting FAQ.



The opinions expressed in reader comments are those of the author only, and do not reflect the opinions of The Seattle Times.


403 Forbidden

403 Forbidden


nginx
403 Forbidden

403 Forbidden


nginx