Welcome to WebmasterWorld Guest from 54.205.75.60

Forum Moderators: bill

Message Too Old, No Replies

Security Group Issues Emergency IE Patch

   
11:09 am on Sep 25, 2006 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Following on from New Internet Explorer Vulnerability Posted on Web [webmasterworld.com]

A group of security professionals has created a third-party fix for a recently discovered Internet Explorer flaw that's increasingly being used in cyber attacks.

The group, which calls itself the Zeroday Emergency Response Team, or Zert, created the patch so IE users can protect themselves while Microsoft works on an official fix.

Security Group Issues Emergency IE Patch [software.silicon.com]

Would you install a third party patch? I'm not sure I would.

11:38 am on Sep 25, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



No. It scares me enough to install the "Offical" patches.
11:53 am on Sep 25, 2006 (gmt 0)

WebmasterWorld Senior Member billys is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I'll wait for an official patch. It might be costly later on in terms of conflicts.
12:00 pm on Sep 25, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Whats more shocking is the fact that a patch comes from a 3rd party faster than Microsoft. pffft.
1:17 pm on Sep 25, 2006 (gmt 0)

5+ Year Member



Which version of IE is it for?
1:18 pm on Sep 25, 2006 (gmt 0)

5+ Year Member



Nevermind

"IE versions 5.01 and 6 on all current versions of Windows are affected."

4:05 pm on Sep 25, 2006 (gmt 0)

WebmasterWorld Senior Member demaestro is a WebmasterWorld Top Contributor of All Time 10+ Year Member



This is what happens with scheduled updates.

Microsoft has patch Tuesday.

Unscrupulous coders have exploit Wednesday knowing how long they have until the patch comes out.

I guess it is nice that someone is being preemtive about this. However I do have some reservations about installing a third party patch.

I try to only use my IE to test my own sites so I don't need to patch it right away as I trust my sites.

6:38 pm on Sep 25, 2006 (gmt 0)

10+ Year Member



This is an amazing ironic jab at MS, doing their job for them.
1:22 am on Sep 27, 2006 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



The MS patch is now ready for download.
7:49 pm on Sep 27, 2006 (gmt 0)

10+ Year Member



Unscrupulous coders have exploit Wednesday knowing how long they have until the patch comes out.

Disagree for two reasons:

1. An optimal time would be sometime before patch Tuesday giving MS insufficient time to test and release on Tuesday

2. MS can always issue a special if its serious enough.

Just a question if anyone knows, did IE7 Beta have the same problem? A success for MS if not so.

Edit: added 'not' to last line above.

[edited by: Tidal2 at 7:54 pm (utc) on Sep. 27, 2006]

12:16 pm on Sep 30, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Unscrupulous coders have exploit Wednesday knowing how long they have until the patch comes out.

It only becomes a real threat when the patch is released and admins delay installing it. There are an infinate number of *theoretical expoloits* awaiting patches. Zero day exploits are a problem though, but still best to wait for the vendor.

>Zeroday Emergency Response Team
I wouldnt install antyhing from anyone calling themselves that :)