Top Stories



After Google hack, Microsoft asks users to abandon IE6, XP

Microsoft is using a widely publicized flaw in Internet Explorer as a way to push users to upgrade both their browsers and operating systems.

On its Security Research & Defense blog, Microsoft explains that while IE7 and IE8 on Windows Vista and Windows 7 both include the flawed code that was exploited in the recent Chinese attacks on Google, the publicly published exploit code only works against IE6 on Windows 2000 and Windows XP. So the company is urging users to think about upgrading their version of IE, or even their OS (which also results in a newer version of IE).

“As you can see, the client configuration currently at risk is Windows XP running IE6,” the blog post reads. “We recommend users of IE6 on Windows XP upgrade to a new version of Internet Explorer and/or enable DEP. Users of other platforms are at reduced risk. We also recommend users of Windows XP upgrade to newer versions of Windows.”

Microsoft’s relationship with IE6 and XP is complicated. On the one hand, the company refuses to drop support for IE6 and won’t force users to upgrade away from it, and it still makes sure to offer businesses add-ons like Windows XP Mode as well as MED-V. On the other hand, the software giant runs mini campaigns and pushes for users to upgrade away from the ancient applications, usually citing security.

Still, this is the first time we’ve seen Microsoft actually recommend users upgrade because of a specific flaw, and not just away from IE6 but away from Windows XP completely. Microsoft doesn’t say that newer versions of Internet Explorer and later Windows releases are invulnerable to the flaw, but it does explain that they have “reduced risk to the exploit” due to platform mitigations such as IE Protected Mode and Data Execution Prevention.

The company first explained these mitigations last week when it admitted that its own investigations into the highly organized hacking attack in late December had concluded that a Remote Code Execution vulnerability in IE was used by the perpetrators. That vulnerability is triggered by an attacker using JavaScript to copy, release, and then later reference a specific Document Object Model element; attack code may be executed if it is successfully placed in a random location of freed memory. Microsoft has yet to issue a patch.


4 thoughts on “After Google hack, Microsoft asks users to abandon IE6, XP

  1. Kurye olarak hizmet veren kişiler, bulundukları lokasyondaki her adrese en kısa sürede ulaşma yolunu bilirler. Üstelik verilen bu görevi hava, trafik ve buna benzer diğer olumsuz şartlardan etkilenmeden yerine getirirler. Yani iş hayatı başta olmak üzere hayatın hemen her alanında önemli görevleri üstlenebilir ve başarıyla yerine getirebilirler. Özellikle büyük şehirlerdeki trafik kaosu ve adres konusundaki karmaşa göze alınırsa, kurye hizmetlerinden faydalanmanın bazı durumlarda zorunlu hale geleceği anlaşılabilir. Örneğin İstanbul’un bir noktasından diğer bir noktasına acil şekilde önemli bir evrak ulaştırmak gerektiğinde ya da hastanızın ihtiyacı olan ilacı acil ve güvenli bir şekilde ulaştırmak gerektiğinde, İstanbul moto kurye hizmetimizden faydalanarak sorununuza çözüm üretebilirsiniz.

  2. Magnificent goods from you, man. I have understand your stuff previous to and you’re just too wonderful. I really like what you have acquired here, really like what you’re saying and the way in which you say it. You make it entertaining and you still take care of to keep it wise. I can’t wait to read much more from you. This is really a terrific site.

Leave a Reply

Your email address will not be published. Required fields are marked *