Software // Enterprise Applications
News
7/29/2004
04:20 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Microsoft To Issue Browser Patch Next Week

The fix for Internet Explorer will finally plug the hole that hackers exploited in a sneak attack last month.

Microsoft executives say a comprehensive patch for Internet Explorer will be released next week, finally plugging the hole that hackers exploited in a sneak attack last month.

In June, several exploits that took advantage of the browser's vulnerabilities hit users, most notably one dubbed Scob, or Download.ject. In that attack, a gang of Russian hackers compromised servers running Microsoft's Internet Information Services software, then dropped a trojan horse onto machines running Internet Explorer that had simply viewed pages from those servers. The trojan, in turn, installed a key logger and other malicious code to pilfer financial information.

Earlier this month, Microsoft posted a temporary fix and then a tool for cleaning infected systems. It also promised that a patch would be ready at some point, but refused to commit to a date. Then, Microsoft officials said in a public online chat session that "We have people working around the clock on it."

It appears that clock is close to striking.

"We're targeting the release within the next week," Dean Hachamovitch said Wednesday in the security-oriented briefing hosted monthly by Mike Nash, the head of Microsoft's security efforts. "We're doing our final checks right now."

The upcoming patch will be released "out of cycle," said Hachamovitch, who oversees development for Internet Explorer. That means it will appear before Microsoft's next regular-scheduled patch day. Microsoft rarely departs from the second-Tuesday-of-the-month schedule, an indication of how critical the company sees the fix. The next scheduled patch day is Aug. 10.

The patch, which will apply to Internet Explorer 5.01, 5.5, and 6.0, was long in development and testing, said Hachamovitch, because "the core vulnerability was complicated." He also noted that extensive testing--both on other applications that might be affected by the patch and the various versions of Internet Explorer and Windows--meant the patch took longer to finalize.

"The question is quality. Fixing the vulnerability [in IE] and breaking something else in the process doesn't help anyone," Hachamovitch said.

Microsoft was taken to task by numerous security experts and analysts for the rash of Internet Explorer vulnerabilities, with some even going so far as to recommend that users dump the browser and use another until the company fixed the flaws.

That may have been behind the 1.32 percentage point drop in the number of surfers using Internet Explorer that monitoring firm WebSideStory noted in mid-July. During an interview then, Geoff Johnston, an analyst with WebSideStory, credited the decrease in Internet Explorer's popularity to a combination of its security woes and solid alternatives. "Millions of people were just waiting for an excuse to change," he said.

Hachamovitch hopes that the soon-to-come patch will convince people to stick with the Microsoft browser. "Users should have confidence that as long as they're running the latest browser with all the latest security fixes...they will have the most powerful and secure browsing experience," he said.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.