Jump to content

MS to release patch for IE bug including Windows XP

the xt guy

By the xt guy
in Windows XP

 Share

Recommended Posts


jaclaz

jaclaz

Posted
Posted

Good :).

I guess they could not do anything different after the news:

http://www.usatoday.com/story/tech/2014/04/28/internet-explorer-bug-homeland-security-clandestine-fox/8409857/

of the actual Homeland Security advice:

http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-Being

For the record (and ironically) the actual document that started it all:

http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html

makes a clear distinction :yes: between the presence of the vulnerability (which is one thing) and the actual target of the existing exploits (which is another):

The vulnerability, however, does appear in IE6 through IE11 though the exploit targets IE9 and higher.

in clearer words, people using Internet Explorer 6 to 8, though vulnerable, were/are not (yet) targeted, and thus their environment is/was more secure anyway.

Also, unsurprisingly, the actual culprit (vector) seems to me - as often happens - the stupid Adobe Flash.

jaclaz

Link to comment
Share on other sites
vipejc

vipejc

Posted
Posted

Just for fun I checked Windows Update for new updates earlier, and sure enough this one for IE8 came up. So much for XP and IE8 end of support. LOL I guess Microsoft figured even though they were hard pressed to kill XP, this vulnerability was too serious to ignore. Do you think we'll see this tactic more for XP?

Link to comment
Share on other sites
dencorso

dencorso

Posted
Posted

It may happen. It only depends on what's perceived as more damaging to MS: to release a post-EoS security update (observe that the current one is for IE 6-11, not XP!) or to live with 25-30% of all computers running on an unpatched OS (and that's about 1/3 of all the Windows machines, BTW).

Link to comment
Share on other sites
Guest

Guest

Posted
Posted

Don't you mean Windows 8.1? The holdouts will hold out regardless. The updates are important enough for an out-of-band release, which seems to indicate they're important enough to warrant a special release for XP which has only been EoS for a few weeks. Even stalwarts like myself should know better than to expect MS to extend its generosity forever.

Link to comment
Share on other sites
ND22

ND22

Posted
Posted (edited)

I do not understand: why no support for Xp after april 8 when server 2003 which has the same kernel is supported until july 14 2015! It would give time to users to move if they want to and MS would use the same people that make patches for windows server 2003 to test those patches with XP!

Edited by ND22
Link to comment
Share on other sites
Guest

Guest

Posted
Posted

For 64-bit, XP and Win2003 do use the same kernel. They use the same update packages and service packs.

32-bit is different. Update packages are different. Service packs are different. File versions are different.

Link to comment
Share on other sites
dencorso

dencorso

Posted
Posted

In general you're right. But for x86 IE7 and x86 IE8 the files are the exact same version, although they clearly are different compilations, but I bet the mshtml.dll intended for 2003 works alright in XP, and vice versa...

post-134642-0-71018600-1399016780_thumb.

Link to comment
Share on other sites
submix8c

submix8c

Posted
Posted

@dencorso - Thanks for watching for it + the links.
@MagicAndre1981 - Generally speaking, it's irrelevant. EOS has happened and this is an IE issue, not an XP issue. XP has already "pushed" IE8 at everyone long ago. Note dencorso's comment. Also, MS "marketing" will prevail against the "masses".
@ND22&5eraph - Please note that Server2K3 (RTM files dated 03/25/2003 to be exact) came out well after XP (RTM files dated 08/23/2001 to be exact). The SP's between them slightly lag (XP-SP1a at files approx. 03/31/2003 coinciding with 2K3 RTM / XP-SP3=Apr2008 & 2K3-SP2=Feb2007) and understanding that SERVERS ("difficult" to upgrade) are more critical than CLIENTS ("easy" to upgrade), also noting an SP3 was NEVER released for 2K3 (which would have been dated beyond XP-SP3). So don't you think it's natural that 2K3 will have support for one more year?
@-X- DOH! Now you have to update the UDC script! And thanks dencorso/-X- for info/testing.

@All - Merry Belated Christmas from MS! :w00t:

Link to comment
Share on other sites
vipejc

vipejc

Posted
Posted

It may happen. It only depends on what's perceived as more damaging to MS: to release a post-EoS security update (observe that the current one is for IE 6-11, not XP!) or to live with 25-30% of all computers running on an unpatched OS (and that's about 1/3 of all the Windows machines, BTW).

Technically, no IE8 isn't XP, but what I meant is IE8 supports XP, so it's like extending End of Support for XP. :yes:

Link to comment
Share on other sites
dencorso

dencorso

Posted
Posted

[...] (observe that the current one is for IE 6-11, not XP!) [...]

 

Technically, no IE8 isn't XP, but what I meant is IE8 supports XP, so it's like extending End of Support for XP. :yes:

 

True enough! And, since IE8 is supported both on Win Server 2003 (EoS: Jul 14, 2015), on WEPOS (EoS: Apr 12 2016), and on Win Embedded POSReady 2009 (EoS: Apr 09, 2019 viz.: MS PLS), then all IE8 components and patches go on up to at least Apr 09, 2019. :D

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...