If you use Internet Explorer (the world wonders "why"), you really need to read this. Microsoft has taken the unusual step of releasing a workaround to a security flaw that's in all versions of IE. They've produced the fix because the Bad Guys are exploiting this in the wild with a "Day Zero" attack - an attack for which there's no patch.
If you use Internet Explorer, get thee hence to Microsoft, click the "Fix It" icon that you'll see above the "Fix This Problem" link.
You should know that applying the fix may limit some of the IE functionality that you know and love. It also limits the IE functionality that the Bad Guys know and love. 'nuff said. Microsoft will provide a proper fix in next month's "Patch Tuesday". Oh, and Apple Fanbois can stop your smirking. Don't think I don't see you.
Hat tip: Brian Krebs. If you groove on security, you should follow his security blog.
Unfortunately there are business apps that are only supported for IE. That is the ONLY reason I ever use it.
ReplyDeleteThat patch has actually been out at least a week; I looked at my Windows Update log and I got it on 9/12.
ReplyDeleteIE's JS implementation is still the slowest of the major browsers, but I semi-regularly still use it because, oddly enough, it's generally the most standards-compliant browser these days.