
Some quotes in the media (bbc.co.uk) have been misunderstood (slashdot), making everyone think Microsoft urged users to switch to other browsers. This wasn't exactly true. But a lot of outside security experts are giving this advice.
Let me remind you that Firefox was voted most vulnerable software in 2008 (ZDNet) and that Opera just released version 9.63 to fix several serious security vulnerabilities (ZDNet). Nothing is perfect.
I don't want to start a flame war; I'm still using Firefox + NoScript myself and will advise others to do so. But good vulnerability and patch management (at home or at work) is as important as the choice of (browser) software.
But Microsoft did acknowledge the seriousness of the current security issue and announced that they will be releasing an out-of-cycle security bulletin tomorrow for the IE zero-day. So you can now patch your workstations ASAP (if you haven't deployed other countermeasures)!!!
More information: http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx
UPDATE: The irony. Mozilla also just released Firefox 3.0.5 (mozilla.org) which also includes critical security fixes for XSS and JavaScript privilege escalation issues.
Previous posts:
- Internet Explorer 0-day impacts IE6 and IE8 as well. Indication of exploitation by SQL injections increase.
- Summary on the IE7 browser 0-day exploit