the xt guy Posted May 1, 2014 Share Posted May 1, 2014 http://www.pcpro.co.uk/news/388477/microsoft-updates-windows-xp-to-dodge-ie-flawAlso seeing multiple posts on twitter echoing this news. Link to comment Share on other sites More sharing options...
jaclaz Posted May 1, 2014 Share Posted May 1, 2014 Good .I guess they could not do anything different after the news:http://www.usatoday.com/story/tech/2014/04/28/internet-explorer-bug-homeland-security-clandestine-fox/8409857/of the actual Homeland Security advice:http://www.us-cert.gov/ncas/current-activity/2014/04/28/Microsoft-Internet-Explorer-Use-After-Free-Vulnerability-BeingFor the record (and ironically) the actual document that started it all:http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.htmlmakes a clear distinction between the presence of the vulnerability (which is one thing) and the actual target of the existing exploits (which is another): The vulnerability, however, does appear in IE6 through IE11 though the exploit targets IE9 and higher.in clearer words, people using Internet Explorer 6 to 8, though vulnerable, were/are not (yet) targeted, and thus their environment is/was more secure anyway.Also, unsurprisingly, the actual culprit (vector) seems to me - as often happens - the stupid Adobe Flash.jaclaz Link to comment Share on other sites More sharing options...
dencorso Posted May 1, 2014 Share Posted May 1, 2014 It's out already!MS Security Bulletin MS14-021 and KB2964358. Link to comment Share on other sites More sharing options...
TrevMUN Posted May 2, 2014 Share Posted May 2, 2014 Well, well, well ... And here Microsoft was trying to use this as part of their FUD campaign. Link to comment Share on other sites More sharing options...
vipejc Posted May 2, 2014 Share Posted May 2, 2014 Just for fun I checked Windows Update for new updates earlier, and sure enough this one for IE8 came up. So much for XP and IE8 end of support. LOL I guess Microsoft figured even though they were hard pressed to kill XP, this vulnerability was too serious to ignore. Do you think we'll see this tactic more for XP? Link to comment Share on other sites More sharing options...
dencorso Posted May 2, 2014 Share Posted May 2, 2014 It may happen. It only depends on what's perceived as more damaging to MS: to release a post-EoS security update (observe that the current one is for IE 6-11, not XP!) or to live with 25-30% of all computers running on an unpatched OS (and that's about 1/3 of all the Windows machines, BTW). Link to comment Share on other sites More sharing options...
MagicAndre1981 Posted May 2, 2014 Share Posted May 2, 2014 (edited) I think it is wrong to patch XP. Now the users think they still get patches for all issues and will never go to Windows 7. Edited May 2, 2014 by MagicAndre1981 Link to comment Share on other sites More sharing options...
Guest Posted May 2, 2014 Share Posted May 2, 2014 Don't you mean Windows 8.1? The holdouts will hold out regardless. The updates are important enough for an out-of-band release, which seems to indicate they're important enough to warrant a special release for XP which has only been EoS for a few weeks. Even stalwarts like myself should know better than to expect MS to extend its generosity forever. Link to comment Share on other sites More sharing options...
ND22 Posted May 2, 2014 Share Posted May 2, 2014 (edited) I do not understand: why no support for Xp after april 8 when server 2003 which has the same kernel is supported until july 14 2015! It would give time to users to move if they want to and MS would use the same people that make patches for windows server 2003 to test those patches with XP! Edited May 2, 2014 by ND22 Link to comment Share on other sites More sharing options...
Guest Posted May 2, 2014 Share Posted May 2, 2014 For 64-bit, XP and Win2003 do use the same kernel. They use the same update packages and service packs. 32-bit is different. Update packages are different. Service packs are different. File versions are different. Link to comment Share on other sites More sharing options...
dencorso Posted May 2, 2014 Share Posted May 2, 2014 In general you're right. But for x86 IE7 and x86 IE8 the files are the exact same version, although they clearly are different compilations, but I bet the mshtml.dll intended for 2003 works alright in XP, and vice versa... Link to comment Share on other sites More sharing options...
Guest Posted May 2, 2014 Share Posted May 2, 2014 It does. Just tested it. WU and everything. Link to comment Share on other sites More sharing options...
submix8c Posted May 2, 2014 Share Posted May 2, 2014 @dencorso - Thanks for watching for it + the links.@MagicAndre1981 - Generally speaking, it's irrelevant. EOS has happened and this is an IE issue, not an XP issue. XP has already "pushed" IE8 at everyone long ago. Note dencorso's comment. Also, MS "marketing" will prevail against the "masses".@ND22&5eraph - Please note that Server2K3 (RTM files dated 03/25/2003 to be exact) came out well after XP (RTM files dated 08/23/2001 to be exact). The SP's between them slightly lag (XP-SP1a at files approx. 03/31/2003 coinciding with 2K3 RTM / XP-SP3=Apr2008 & 2K3-SP2=Feb2007) and understanding that SERVERS ("difficult" to upgrade) are more critical than CLIENTS ("easy" to upgrade), also noting an SP3 was NEVER released for 2K3 (which would have been dated beyond XP-SP3). So don't you think it's natural that 2K3 will have support for one more year?@-X- DOH! Now you have to update the UDC script! And thanks dencorso/-X- for info/testing.@All - Merry Belated Christmas from MS! Link to comment Share on other sites More sharing options...
vipejc Posted May 2, 2014 Share Posted May 2, 2014 It may happen. It only depends on what's perceived as more damaging to MS: to release a post-EoS security update (observe that the current one is for IE 6-11, not XP!) or to live with 25-30% of all computers running on an unpatched OS (and that's about 1/3 of all the Windows machines, BTW).Technically, no IE8 isn't XP, but what I meant is IE8 supports XP, so it's like extending End of Support for XP. Link to comment Share on other sites More sharing options...
dencorso Posted May 2, 2014 Share Posted May 2, 2014 [...] (observe that the current one is for IE 6-11, not XP!) [...] Technically, no IE8 isn't XP, but what I meant is IE8 supports XP, so it's like extending End of Support for XP. True enough! And, since IE8 is supported both on Win Server 2003 (EoS: Jul 14, 2015), on WEPOS (EoS: Apr 12 2016), and on Win Embedded POSReady 2009 (EoS: Apr 09, 2019 viz.: MS PLS), then all IE8 components and patches go on up to at least Apr 09, 2019. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now