In August, Microsoft released Internet Explorer 8 Beta 2 to the public. Testers have continued diligently reporting bugs to the software giant, but the company didn't release a later build for quite a while. Only last week did Redmond finally send out the first Release Candidate (build 8.0.6001.18343 for those keeping track) to its testers on Microsoft Connect. The build is English-only and is not available to the public.
There is no question that Microsoft's Internet Explorer has become more secure over time. There's also no question that with roughly 69 percent of the global browser market, IE remains a meaty target.
It is therefore not surprising that IE is under attack, though perhaps the recent breach of fully-patched IE is surprising, as as The Register reports:
Microsoft issued eight bulletins as part of this month's Patch Tuesday, including six that the company ranked "critical." One of the vulnerabilities is already under attack by hackers.
Microsoft pushed out eight security bulletins as part of this month’s Patch Tuesday, including a fix for a vulnerability currently under attack.
A system-crashing bug with potential malware implications has been uncovered in Vista. But a fix for the vulnerability, which revolves around flaws in the operating system's network stack, may have to wait until the next service pack.
The TCP/IP stack buffer overflow was discovered by security researchers at Austrian firewall firm Phion in October. Details of the flaw, which also creates a potential mechanism to inject hostile code into vulnerable systems, were disclosed in a posting to BugTraq on Friday.
A new vulnerability has been identified in the Window Vista operating system, reports indicate. The flaw in the kernel coding could allow hackers to hide rootkits on systems and launch denial of service attacks, causing potential network security vulnerabilities.
Thomas Unterleitner of Austrian security company Phion, who discovered the exploit, told ZDNet said that he told Microsoft about the flaw in October, although a fix is not expected to be made available until the next Vista service pack is released.
After one more public test build early next year, Microsoft plans to release the final version of Internet Explorer 8 in calendar 2009. Microsoft officials shared the updated timetable via a November 19 post on the IE Blog.
Microsoft is giving up on its Windows Live OneCare subscription service next June. But it is not giving up on the security business entirely - it has plans for a free, anti-malware product code-named "Morro."
Two years after releasing Windows Live OneCare with much fanfare, Microsoft announced today it is abandoning the subscription service next June. But it is not getting out of the consumer security business. In fact, the company plans to release a free, anti-malware product code-named "Morro" in the second half of 2009.
Microsoft has explained why it took seven years to patch a known vulnerability. Fixing the bug earlier would have taken out network applications and potential exploits alike, it explained.
Security bulletin MS08-068 fixed a flaw in the SMB (Server Message Block) component of Windows, first demonstrated by Sir Dystic of Cult of the Dead Cow fame at a hacking conference in 2001, if not before. The flaw opened the door to SMB replay or reflection attacks that would have allowed the operator of a malicious SMB server to run exploits on vulnerable PCs.
Microsoft's forthcoming Office Web Applications will allow users to create and edit spreadhseets, presentations and Word documents through a browser--but only so long as there is an active Internet connection.
Microsoft launched in the U.S. this week its online software store and is touting it as one way for netbook PC users who don’t have optical drives to more easily obtain software.
