Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: Another Zero-Day Windows Exploit

__/ [ Rex Ballard ] on Saturday 07 October 2006 16:15 \__

> Erik Funkenbusch wrote:
>> On Sat, 7 Oct 2006 13:38:59 +0200, Roy Culley wrote:
>>
>> > begin  risky.vbs
>> > <1tic4v676amwh.dlg@xxxxxxxxxxxxxxx>,
>> > Erik Funkenbusch <erik@xxxxxxxxxxxxxxxxxxxxxx> writes:
>> >>> http://hackersblog.itproportal.com/?p=352
>> >>
>> >> I dunno, i went to the test page, and clicked the button, and it
>> >> didn't crash my browser.  I'm running IE7 RC1.  The only thing that
>> >> happened was it asked me to run an unsafe ActiveX control, which i
>> >> didn't do.
>> >
>> > http://secunia.com/advisories/22159/
>> >
>> >     Successful exploitation allows execution of arbitrary code.
>> >
>> >     NOTE: Exploit code is publicly available.
>> >
>> >     The vulnerability is confirmed on a fully patched system with
>> >     Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions
>> >     may also be affected.
>>
>> But apparently not IE7.  Just goes to show that Microsoft is reducing the
>> risks with IE7.
> 
> Yep.  Another PERFECT example of Microsoft's "strategic" management of
> fixes, desgined to force-feed us new products designed to displace
> competitor products.
> 
> Strategy here:
>     FireFox is getting huge market share, up to 30% by some estimates.
>     IE6 can't compete
>     Force everybody to upgrade to IE7 by NOT fixing the bug in IE6
>     Then make all comparisons between IE7 and FireFox.
> 
> Or maybe just put little changes to critical libraries used by IE7 that
> make FireFox a little "buggy" (after all, it still has to call some of
> Microsoft's library routines).
> 
> But of course we have to wait a while.

Internet Explorer 7 will be delivered as a "high priority" security update
(yes, to XP users who already have Firefox). The antitrust folks need to
wake up. The 'update' system is being misused; instead, it's used as a
marketing tool which hurts rivals. As Vista will fail to sell, it's
potentially more anti-competitive than the bundling of IE in /subsequent/
versions of Windows in order to combat Netscape.

Best wishes,

Roy

-- 
Roy S. Schestowitz      | Linux: stop maintenance; get more actual work done
http://Schestowitz.com  | Free as in Free Beer ¦  PGP-Key: 0x74572E8E
Load average (/proc/loadavg): 1.01 1.04 1.02 1/149 1604
      http://iuron.com - semantic search engine project initiative

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index