Tuesday, August 22, 2006
Fine print on the latest security scare
Microsoft released their usual monthly round of security fixes on August 8th. People quickly noticed that Internet Explorer crashed when they visited certain web sites that use particular modern technologies.
Next, independent security people reported that the bug that causes the crash is the kind of bug that creates a security vulnerability. Once again, you could lose control of your computer just by visiting a web site.
So, the headlines say that if you got the latest security fixes you now have a new vulnerability. Not so fast.
This only affects people who still run Windows 2000 or who run XP with Service Pack 1 (you should be on Service Pack 2) and it only affects people who are ignoring Internet Explorer's security problems and running it anyway. Stop. Just stop. Running Internet Explorer is the computer security equivalent of smoking cigarettes. You can dodge this problem by disabling support for HTTP 1.1 but that won't help with the next bug.
|
Next, independent security people reported that the bug that causes the crash is the kind of bug that creates a security vulnerability. Once again, you could lose control of your computer just by visiting a web site.
So, the headlines say that if you got the latest security fixes you now have a new vulnerability. Not so fast.
This only affects people who still run Windows 2000 or who run XP with Service Pack 1 (you should be on Service Pack 2) and it only affects people who are ignoring Internet Explorer's security problems and running it anyway. Stop. Just stop. Running Internet Explorer is the computer security equivalent of smoking cigarettes. You can dodge this problem by disabling support for HTTP 1.1 but that won't help with the next bug.
# posted by Frederick @ 2:33 PM Email to a friend:
Haloscan: they provide trackback