Home / News / Software News / Microsoft Finally Patches Major IE Security Flaw

Microsoft Finally Patches Major IE Security Flaw

Gordon Kelly


Microsoft Finally Patches Major IE Security Flaw

There are many, many reasons not to use Internet Explorer but the hysteria created around the browser's latest major security flaw has given yet more momentum to the likes of Firefox, Chrome, Safari and Opera. So I suspect Microsoft is rather happy the whole palaver is over - for now...

In a statement the software giant has confirmed that a vital update to fix the hole - which enabled hackers to potentially take full control of a computer via IE if they accessed certain infected sites - went live to customers at 18:00 GMT last night. Those with Windows Automatic Updates disabled (why oh why would you do that?) can get the patch manually by visiting the Windows Update website.

"Microsoft teams worldwide have been working around the clock to develop a security update to help protect our customers," said Microsoft in a statement. "Microsoft strongly encourages customers to follow the Protect Your Computer Guidance at www.microsoft.com/protect, which includes activating the Automatic Update setting in Windows to ensure that they receive the update as soon as it is available."

"The update will protect you against any of the known exploits that are out there right now," confirmed Microsoft UK security head Cliff Evans.

Of course while IE deserves innumerable kickings for a whole host of factors (performance, stability, design, Acid3 scores, RSS implementation, etc, etc, etc) it remains true that no browser is 100 per cent secure. That said, as the largest player with a near 80 per cent market share it is by far the most targeted by the morally suspect.

All of which is adds to the notion that you don't put up with what you're given in the box (a key rule for earphones too). Instead let your clicks do the talking and head on over to any one of its infinitely more accomplished rivals. After all, until we do that in greater numbers what is the motivation for Microsoft to get its act together?


Microsoft IE Security Advisory


December 18, 2008, 6:41 am

"Hopefully the last week made you change browsers..."

And if it didn't, *gasp*, what will it take!?


December 18, 2008, 1:25 pm

Those with Windows Automatic Updates disabled (why oh why would you do that?)

I have to on one of my machines as it automatically installs service pack 3 which send my computer into a constant crash/bot cycle due to the conflict with my Asus A8N32SLI (which has not yet been resolved by ms or asus as far as i am aware - any idea of a workaround/fix?)

Yet another example of MS taking forever to fix something despite it being quite a widespread problem.

Gavin Hamer

December 18, 2008, 3:00 pm

I noticed that Opera had an "Extremely Severe" (in their words) critical bug fix yesterday. That didn't warrant a mention in any of the news stories about IE though...

Not that I would use IE.


December 18, 2008, 6:14 pm

@Gavin - didn't even turn up on my radar I'm afraid. Which probably says it all...


December 18, 2008, 7:52 pm

@Ohmz: ability to alter the default TLD suffix of CTRL, SHIFT, ENTER to any (which IE allows, I can't live without .co.uk and .org is useless for me as 90%+ of my browsing is .com & .co.uk TLDs) and a decent thumbnail preview (CTRL + Q): neither of which Firefox do natively or via extensions in the way I like. If anyone's got any suggestions, I'm more than willing to try them out!

Having said that, vanilla IE7 isn't good enough for 2008 but with the free IE7 Pro extension it provides everything I need (download manager, inline spellchecker, adblocker, ability to minimise to taskbar with CTRL + M & more in one extension).

@Gavin Hamer unfortunately because the market share of Opera is so poor, and most people I know online are always looking for opportunities to knock Microsoft, regardless of whether it's justified (though it certainly is with this patch for IE). the 100% pass rate of the Acid3 test of the Opera 10 alpha may well make me switch permanently once it's hit RC status (the alpha is to unstable for my liking).


December 18, 2008, 7:54 pm


To expose this flaw you need to know a little bit XML and a large dash of luck in finding the actual security hole.

I am still surfing unpatched IE7 without any worries because I know the facts and don't listen to teh "internet monkeys".

The Firefox patch released today is more urgent amongst others. IMHO the firefox holes much more of a danger, but let's not talk about that it's not the norm.

The BBC "Tech" team made this a story LOL


December 18, 2008, 9:29 pm

I'm not devoted to either IE or FireFox, and use them both together with Chrome. However, could someone point me in the direction of a rational discussion of where IE genuinely deserves a kicking? I don't want to argue, I'd just like to see and understand the problems the article's writer mentions for myself -

performance - I have seriously never noticed a difference personally apart from very large spreadsheets in Google Apps which I only created to see if I could find a performance difference. I don't do anything very exciting with my browser which is maybe why, day to day, I really can't see a difference;

stability - IE and FireFox crash about as much as each other - which is not very often at all. Maybe I'm just lucky but I don't recall either browser crashing recently and it's certainly not so much of an issue that I think about it for any browser;

design - this is purely subjective and I have no problems with either browser. I'm certainly not a pretty bloke but I hope this doesn't mean I deserve a kicking from everyone except my Mum and other half;

Acid3 scores - Microsoft's effective discouraging of standards has created many difficulties and this is probably the only thing I would immediately agree on with the article's writer. Fundamentally though, I don't understand why neither browser was designed to get 100%. Aiming better than Microsoft isn't difficult, but why aim for mediocrity? I'm curious what's so difficult that neither FireFox nor IE can got this right.

RSS implementation - I don't find FireFox's default implementation any better or worse than that in IE;

etc., etc., etc., - some more examples?

I guess I'm going to get shot down in flames, which is sad as I'd really like just to get informed so I can make the decision to ditch IE7 on a reasonable basis. Yesterday I was chatting with a friend, whose retired father was happily using IE7 until the recent security scare. He panicked and moved to FireFox. Without any real understanding of security issues he may well have been better to use FireFox from the start. However, I worry if an unbalanced approach to this sort of reporting will give my friend's father the impression that FireFox is not vulnerable at all, and any sort of complacency regarding updates etc. could work out worse for the old guy in the long run.

Please be gentle!

comments powered by Disqus