Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


the xt guy

MS to release patch for IE bug including Windows XP

Recommended Posts


Good :).

I guess they could not do anything different after the news:

http://www.usatoday.com/story/tech/2014/04/28/internet-explorer-bug-homeland-security-clandestine-fox/8409857/

of the actual Homeland Security advice:

http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being

For the record (and ironically) the actual document that started it all:

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

makes a clear distinction :yes: between the presence of the vulnerability (which is one thing) and the actual target of the existing exploits (which is another):

The vulnerability, however, does appear in IE6 through IE11 though the exploit targets IE9 and higher.

in clearer words, people using Internet Explorer 6 to 8, though vulnerable, were/are not (yet) targeted, and thus their environment is/was more secure anyway.

Also, unsurprisingly, the actual culprit (vector) seems to me - as often happens - the stupid Adobe Flash.

jaclaz

Share this post


Link to post
Share on other sites

Well, well, well ... And here Microsoft was trying to use this as part of their FUD campaign.

Share this post


Link to post
Share on other sites

Just for fun I checked Windows Update for new updates earlier, and sure enough this one for IE8 came up. So much for XP and IE8 end of support. LOL I guess Microsoft figured even though they were hard pressed to kill XP, this vulnerability was too serious to ignore. Do you think we'll see this tactic more for XP?

Share this post


Link to post
Share on other sites

It may happen. It only depends on what's perceived as more damaging to MS: to release a post-EoS security update (observe that the current one is for IE 6-11, not XP!) or to live with 25-30% of all computers running on an unpatched OS (and that's about 1/3 of all the Windows machines, BTW).

Share this post


Link to post
Share on other sites

I think it is wrong to patch XP. Now the users think they still get patches for all issues and will never go to Windows 7.

Edited by MagicAndre1981

Share this post


Link to post
Share on other sites
Guest

Don't you mean Windows 8.1? The holdouts will hold out regardless. The updates are important enough for an out-of-band release, which seems to indicate they're important enough to warrant a special release for XP which has only been EoS for a few weeks. Even stalwarts like myself should know better than to expect MS to extend its generosity forever.

Share this post


Link to post
Share on other sites

I do not understand: why no support for Xp after april 8 when server 2003 which has the same kernel is supported until july 14 2015! It would give time to users to move if they want to and MS would use the same people that make patches for windows server 2003 to test those patches with XP!

Edited by ND22

Share this post


Link to post
Share on other sites
Guest

For 64-bit, XP and Win2003 do use the same kernel. They use the same update packages and service packs.

32-bit is different. Update packages are different. Service packs are different. File versions are different.

Share this post


Link to post
Share on other sites

In general you're right. But for x86 IE7 and x86 IE8 the files are the exact same version, although they clearly are different compilations, but I bet the mshtml.dll intended for 2003 works alright in XP, and vice versa...

post-134642-0-71018600-1399016780_thumb.

Share this post


Link to post
Share on other sites
Guest

It does. Just tested it. WU and everything.

Share this post


Link to post
Share on other sites

@dencorso - Thanks for watching for it + the links.
@MagicAndre1981 - Generally speaking, it's irrelevant. EOS has happened and this is an IE issue, not an XP issue. XP has already "pushed" IE8 at everyone long ago. Note dencorso's comment. Also, MS "marketing" will prevail against the "masses".
@ND22&5eraph - Please note that Server2K3 (RTM files dated 03/25/2003 to be exact) came out well after XP (RTM files dated 08/23/2001 to be exact). The SP's between them slightly lag (XP-SP1a at files approx. 03/31/2003 coinciding with 2K3 RTM / XP-SP3=Apr2008 & 2K3-SP2=Feb2007) and understanding that SERVERS ("difficult" to upgrade) are more critical than CLIENTS ("easy" to upgrade), also noting an SP3 was NEVER released for 2K3 (which would have been dated beyond XP-SP3). So don't you think it's natural that 2K3 will have support for one more year?
@-X- DOH! Now you have to update the UDC script! And thanks dencorso/-X- for info/testing.

@All - Merry Belated Christmas from MS! :w00t:

Share this post


Link to post
Share on other sites

It may happen. It only depends on what's perceived as more damaging to MS: to release a post-EoS security update (observe that the current one is for IE 6-11, not XP!) or to live with 25-30% of all computers running on an unpatched OS (and that's about 1/3 of all the Windows machines, BTW).

Technically, no IE8 isn't XP, but what I meant is IE8 supports XP, so it's like extending End of Support for XP. :yes:

Share this post


Link to post
Share on other sites

[...] (observe that the current one is for IE 6-11, not XP!) [...]

 

Technically, no IE8 isn't XP, but what I meant is IE8 supports XP, so it's like extending End of Support for XP. :yes:

 

True enough! And, since IE8 is supported both on Win Server 2003 (EoS: Jul 14, 2015), on WEPOS (EoS: Apr 12 2016), and on Win Embedded POSReady 2009 (EoS: Apr 09, 2019 viz.: MS PLS), then all IE8 components and patches go on up to at least Apr 09, 2019. :D

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...