Internet Explorer patches
Party like it's 2004 again!
Microsoft today emitted an emergency security patch for a flaw in Internet Explorer that hackers are exploiting in the wild to hijack computers. The vulnerability, CVE-2018-8653, is a remote-code execution hole in the browser's scripting engine. Visiting a malicious website abusing this bug with a vulnerable version of IE is …
Nope, does not work, for me:
C:\WINDOWS\system32>format c: /s
The type of the file system is NTFS.
WARNING, ALL DATA ON NON-REMOVABLE DISK
DRIVE C: WILL BE LOST!
Proceed with Format (Y/N)? y
Formatting 237.3 TB
Format cannot run because the volume is in use by another
process. Format may run if this volume is dismounted first.
ALL OPENED HANDLES TO THIS VOLUME WOULD THEN BE INVALID.
Would you like to force a dismount on this volume? (Y/N) y
Cannot lock the drive. The volume is still in use.
Format failed.
Are you sure - the webpages are still up, and you can download the updates by hand if they're not in Microsoft Update.
Eg, for Windows 10 build 1809:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4483235
Windows 7 / 8:
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4483187
C.
The numbering scheme has nothing to do with this, just count the updates. MS has had security patches for IE in nearly every montly service pack and several out of bound.
The security model for scripting in Internet Explorer is inherently more dangerous than the other browsers. The embedding of the browser in the OS also adds risks: MS could release Edge (which doesn't suffer from this problem) for older versions of Windows but chose not to do so. So, yes, it is fair to bash MS about this.
and THIS is why I use NOSCRIPT. Because, you never know when "yet another" script vulnerability will end up spreading malware to YOUR computer, and so it should be disabled by default on all but THE most trusted web sites, and that list should be very, very, very small [and exclude ALL advertisers and CDNs].
From the article: "A possible alternative is to not use Internet Explorer, of course."
exactly!
AC - yes all browsers have vulnerabilities. Hence best to use one that can be (if necessary via addons) locked down as much as possible.
All browsers are flawed, but at least some other browsers make it easier for you to limit your risk than IE does and so are better, albeit far from perfect.
I use noscript on Firefox but it is a pain in the gulliver it keeps forgetting that I have whitelisted some sites and I keep having to go twiggle with the little icons in the top right only to then get the cookie warnings and paywalls. If I want to say book a ticket and buy something and I want the payment to go through I switch to chrome as otherwise I will be faced with endless barriers and refreshes.
Or if you go by the dates the shops use, Christmas starts at the beginning of September. At least that is when I saw Christmas decorations for sale in stores near to me.
I can only guess that people aren't using IE by choice but they are forced to for various reasons, as it seems very dated and basic now compared to more modern browsers.
Whether MS will eventually kill it off completely remains to be seen since there are still lots of expensive CMS that were bought by big businesses that won't work in anything other than IE.
Or if you go by the dates the shops use, Christmas starts at the beginning of September. At least that is when I saw Christmas decorations for sale in stores near to me.
Christmas decorations for sale can be easily ignored - it's when the xmas loop tape gets dug out, dusted of fluff to be played instore constantly from then on.
Love the article title cover song. We should have more!
The Reg is the perfect venue for hosting a Christmas Songs Cover event. Sorta like....'Jingle Bells, Excel Cells, Coding all the way......". (i forget the rest of the traditional song, but you know what i mean.).