back to article Microsoft releases fix for 'Pwn2Own' security bug in IE

Microsoft on Tuesday patched at least 34 security holes in a wide range of software, including a bug in its Internet Explorer browser that fetched a researcher $10,000 at a hacker contest in April. In all, Microsoft released 10 bulletins, three of which were rated “critical” because they allowed attackers to remotely install …


This topic is closed for new posts.
  1. Anonymous Coward

    Hate to say this...

    *grumble, grumble* but MS seem to actually care about improving their products' security both ground up and in terms of patching.

    Agreed it could be better, in terms of not requiring so many bloody patches from different URLs, but also it could be a *lot* worse.

    One really can't blame them if people continue to use IE 6.0 and not apply all supplied patches. I THINK they have also stopped slyly installing DRM and unwanted upgrades as a part of the regular windows update process. Though I still have it turned off and download patches from MS' site after reading the bloody details which is a pain. And some things like the turn off of the USB stick/ CD autorun is NOT available as a download from there without Windows Genuine Advantage or whatever...

    Naah, still some way to go!

    1. Allan George Dyer

      The only reason I use IE 6.0

      is that Windows Update requires IE, and later versions don't run on this OS.

  2. Jonathan 17

    Microsoft releases fix for 'Pwn2Own' security bug in IE

    ...a link to download a decent browser?

    1. OffBeatMammal

      ... but IE9 isn't beta yet

      given the recent attention MS has put on security in IE8 it's starting to put the others to shame - Safari and Firefox are showing their weaknesses and as Chrome becomes more popular it'll only be a matter of time

      Sure IE6 is a creaking pile of whatever in this regard, but it's a ten year old browser. If you're still running it then please... make sure you're at least running Security Essentials ( or upgrade to Win7 (that actually works on most WinXp capable machines).

      If your IT department is hanging on to IE6 for some reason ... your TPS reports use an ActiveX that's only tested in IE6... suggest that they check out and give you a virtualised IE6 to play in the sandbox with and let you upgrade your day to day browser to the version from this century.

  3. Robert Carnegie Silver badge

    Windows Update doesn't require IE

    ..but maybe it does on your OS (Windows 2000?) On XP it runs separately in the System Tray OR in IE. But I think it tends to use IE to display explanations of what each update actually does. Or, in the area of "Windows Genuine Advantage", misinformation.

    Of course you could nstall Windows 7 - or Linux - but if you don't want to, then don't.

    I don't know if you can run Linux inside Windows 2000, can with XP I think...

    Anyway, have you tried Opera - or is that not allowed?

    1. Allan George Dyer

      OK, I did't know that...

      but XP runs later versions of IE, yes, it is W2K. I use Firefox for most browsing, but IE 6 for Windows Update. Windows 7 wouldn't run on this hardware. Therefore, on this hardware, Linux is the only sensible way forwards. Interesting that a chain of restrictions from MS (security updates require Windows Update, Windows Update on W2K requires IE, IE6 is insecure, IE>6 unavailable on W2K) leads to the conclusion "change to Linux".

  4. Ty Cobb
    Black Helicopters

    IE 6

    I can think of a reason to use IE 6 - MS screwed up the runas option from IE 7 on so you can't use other credentials to do anything useful.

  5. Tom 7 Silver badge

    34 hole plugged?

    Well that's the top left corner of the sieve where the handle fell off fixed!

This topic is closed for new posts.