back to article Attacks on IE drive-by bug go wild

Microsoft on Tuesday warned that attackers have begun exploiting a critical vulnerability in Internet Explorer and rolled out a temporary fix until a permanent patch is issued. The vulnerability in IE versions 6, 7 and 8, which involves the way the browser handles cascading style sheets, allows adversaries to perform drive-by …


This topic is closed for new posts.
  1. Tigra 07 Silver badge

    Genuine Question...

    Has there ever been a patch tuesday with no patches?

    It just seems this is getting worse and worse for Microsoft.

  2. Anonymous Coward


    Yet another security hole in MS software.

    Congratulations Microsoft - you're in the lead. No-one else even comes close to making the swiss-cheese that you guys call software.

  3. Anonymous Coward
    Anonymous Coward

    Won't work.

    >"This change causes Internet Explorer to refuse to import a CSS style sheet if it has the same URL as the CSS style sheet from which it is being loaded,”

    So the exploit can probably be modified to use two style sheets each of which cross-references the other and still get infinite recursion, no?

  4. efeffess
    Thumb Down

    Come on, corptards...

    ...this whole 'patching and repatching' nonsense is getting old. Put some of that money into proper testing and get it done right the first time. You're looking like a bunch of irresponsible, uneducated jackasses more interested in selling a shoddy product for a bigger piece of the advertising.

    You know what they say about showing off to compensate for 'down below'. And I ain't talking about Oz.

  5. Robert Carnegie Silver badge

    @"Won't work" You could have not mentioned that -

    If I have a bright idea about how to work around computer security, sometimes I keep it to myself. (That's more fun.)

    But I'm not very likely to think of something that no one else has thought of.

    My preferred mitigation is to use a different company's web browser until the issue is fixed - funny that Microsoft didn't suggest that (not unreasonable, but amusing) - and/or to stay away from the most vulnerable web sites. For instance, if the attack is made through advertising, I'll use the United Kingdom version of BBC News Online, with no ads!

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021