Microsoft Warns That Google, Adobe, and Others Still Use IE6/IE7 Are at Risk

From DailyTech: It's been over eight years since Internet Explorer 6 was released (August 2001) and over three years since Internet Explorer 7 was released (October 2006). However, many IT departments cling to the stale browsers, rather than upgrading to Internet Explorer 8, which was released last March. Justifications for not upgrading are diverse and include potential compatibility issues with applications, the cost in manpower hours to switch to the new browser, and the potential expense of buying new tools to manage the newer browser.

Microsoft's General Manager of Trustworthy Computing Security, George Stathakopoulos, has released a new statement which warns information technology departments to change their ways when it comes to the slow pace of browser upgrades, or risk losing valuable company information. The statement follows on the heels of a successful attack on Google, Adobe, and others, which exploited a memory flaw in Internet Explorer 6 (and potentially IE7) to gain system access.

Writes Microsoft, "That said, we remain vigilant about this threat evolving and want to be sure our customers take appropriate action to protect themselves. That is why we continue to recommend that customers using IE6 or IE7, upgrade to IE8 as soon as possible to benefit from the improved security protections it offers. Customers who are using Windows XP SP2 should be sure to upgrade to both IE8 and enable Data Execution Protection (DEP), or upgrade to Windows XP SP3 which enables DEP by default, as soon as possible. Additionally customers should consider implementing the workarounds and mitigations provided in the Security Advisory."

Microsoft's statement touches on the fact that IT departments also frequently are slow in adopting new operating systems or service packs for similar reasons as the browser reticence -- compatibility, cost, etc.

View: Article @ Source Site