Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day

Microsoft, in a low-key update to its September Patch Tuesday disclosures, has confirmed a just-fixed Internet Explorer vulnerability was exploited as a zero-day before it could be patched. Redmond addressed the security bug – CVE-2024-43461, an "important" spoofing flaw with an 8.8-out-of-10 CVSS severity rating – in an …

  1. UnknownUnknown Silver badge

    Yeah!!!! IE still lives !!!

    1. MyffyW Silver badge

      "Lives" in the same sense that Brundlefly did...

  2. mark l 2 Silver badge

    IE still pwning Windows OS for nearly 30 years now. And even though you can't run it directly anymore, it's still lurking around like a bad smell for Edge backward compatibility mode, so I don't expect it will go away anytime soon.

    MS relies so much on the corporate world for their $$$ and big business want to be able to still run their 20+ year old software that works only with IE, on modern Windows. So I feel it's going to be another few decades before Microsoft can truly rid the world of the POS that is IE.

    1. Mike007 Silver badge

      Well you see they told everyone it was built in as part of the OS so couldn't be removed...

      Outlook uses IE for the login dialog, proving how essential it is to the OS or something.

  3. Always Right Mostly

    ieframe.dll is not evil

    Besides it being the rendering engine for outlook.exe HTML emails, it's used to render HTML in business apps. We have one such ourselves.

    The stuff being rendered is created on the fly and displayed, no internet anything.

    IE11, on the other hand, Jesus T. Christ, who is insane enough to use that? But, dear G above, don't do away with ieframe.dll.

  4. elDog Silver badge

    Long live Silverlight (IE scripting engine)

    Nothing else could make Adobe's Flash look even partly safe.

    1. MyffyW Silver badge

      Re: Long live Silverlight (IE scripting engine)

      </start-side-show-bob-style-shudder>

  5. cyberdemon Silver badge

    File extension hiding..?

    IE needs to die, but "making a file extension appear harmless" doesn't sound like it should be a CVSS 8.8?

    The real problem is that Windows itself hides file extensions by default, and at the same time relies on file extensions to decide whether a file is executable or not, and if not, which executable to pass it to, and which icon to display it with.

    An executable file pretending to be a .DOC file will have executable headers, so should never be presented as a "Word Document" file by any OS that gives a toss about security..
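
The header check that the last comment argues for, as an added example that is not part of the original thread: it compares a file's leading bytes with what its extension claims. The signature table, function names and sample inputs are constructed for illustration.

```python
import os

# Well-known leading signatures mapped to a content family (illustrative subset).
MAGIC = [
    (b"MZ", "pe-executable"),                       # DOS/PE header
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls container
    (b"PK\x03\x04", "zip"),                         # .docx/.xlsx/.zip
    (b"%PDF-", "pdf"),
]

# What each extension is expected to contain (illustrative subset).
EXPECTED = {
    ".exe": "pe-executable", ".dll": "pe-executable", ".scr": "pe-executable",
    ".doc": "ole2", ".xls": "ole2",
    ".docx": "zip", ".xlsx": "zip", ".zip": "zip",
    ".pdf": "pdf",
}

def sniff(head: bytes) -> str:
    """Classify content by its first bytes, ignoring the file name."""
    for magic, family in MAGIC:
        if head.startswith(magic):
            return family
    return "unknown"

def check(filename: str, head: bytes) -> str:
    """Return 'ok', 'mismatch' or 'executable-disguised' for a name/content pair."""
    ext = os.path.splitext(filename)[1].lower()
    actual = sniff(head)
    claimed = EXPECTED.get(ext)
    # Executable content under any non-executable name is the case to block.
    # A two-byte signature can false-positive on text starting with "MZ".
    if actual == "pe-executable" and claimed != "pe-executable":
        return "executable-disguised"
    if claimed is not None and actual != claimed:
        return "mismatch"
    return "ok"

# Constructed samples: (file name as shown to the user, first bytes of the file).
SAMPLES = [
    ("invoice.doc", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("invoice.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1\x00\x00"),
    ("setup.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("notes.docx", b"%PDF-1.7\n"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name:12} {sniff(head):14} {check(name, head)}")
```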
