« Gertz: John Walker Lindh Warns of New Strike Against America | Main | Perl.com Publishes an Introduction to Software Testing in Perl »

Microsoft Has Let "Devastating Browser Download Hole" Exist Since November 19

Yesterday, Newsbytes reported that Microsoft will patch a flaw in Internet Explorer that allows malicious code to be silently downloaded and executed. The vulnerability definitely affects IE for Windows 5, 5.5, and 6, and may affect some versions of Outlook, Outlook Express, and Eudora. Microsoft was made aware of this problem three weeks ago.

If the vulnerability is a "devastating browser download hole" as the Newsbytes article says, Microsoft's response was not nearly fast enough. Also, the security by obscurity approach taken by the organization that discovered the problem is preventing people who are at risk from making a proper assessment of potential security threats.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)


CTDATA Venutures (CTDATA) develops Internet and Intranet applications for corporations and non profit organizations. Our services include:

  • Consulting services for Movable Type and TypePad-based publishing systems (visit our Weblog Improvement website for more information),
  • Financial services business process consulting,
  • Content management system and knowledge management system consulting,
  • Apache web server engineering and hosting,
  • MySQL, Sybase, and Microsoft SQL Server architecture and development,
  • SOAP, REST, and XML-RPC system architecture and programming, including Amazon Web Services and
  • Weblog publishing.
For more information, contact Dave Aiello by email at dave [at] daveaiello.com or call him at +1-267-352-4420.
Copyright © 1995-2010, CTDATA Ventures. All Rights Reserved.
Powered by
Movable Type 4.25