Major IE Vulnerability Exposed

Users of Microsoft’s Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed.

BBC

This is the tag line that has already greeted many readers today as news travels further about a serious security flaw effecting every version of Internet Explorer from 5 to the latest IE 8 beta.

The exploitation of this vulnerability has already said to have compromised as many as 10,000 websites (roughly 0.02% by Microsoft’s estimation) and been used to steal game passwords, but could potentially be used to steal other more vital information.

“I cannot recommend people switch due to this one flaw,” said John Curran, head of Microsoft UK’s Windows group; however, many security experts are urging users to switch to an alternative browser. Some of the more popular alternatives to Internet Explorer are Firefox, Opera, ChromeSafari, but there are many lesser known alternatives–many of them are free of charge such as Maxthon.

Microsoft is currently working on a patch for this vulnerability, however no release date has been set. This is not to say that you need to unistall IE, nor that other browsers are impervious to vulnerabilities and security flaws. Malware exists due to bugs in the code of programs, and no code is perfect. Patches continue to roll out for every platform (yes, even Mac). While it’s the responsibility of software vendors to fix and release patches in a timely manner, it’s the responsibility of the user to install the patches offered in just as an efficient time frame as well as practice safe habits both online and offline.

Advertisements

Windows XP Sp3 Access Denied Error

WinXpHaving just tried a couple times to install Sp3 and having still received this error–one that frighteningly hasn’t been resolved yet in Sp3–I thought I’d post a quick guide on how to get around this problem using some wicked voodoo The information contained in this guide was taken from here.

If there are any previous installations of either beta or release candidate versions of Sp3, then you must uninstall them before installing the final version.

Download and install subinact.exe.

Open Notepad (Start Menu-All Programs-Accessories-Notepad) and copy and paste the text below into the new Notepad document:

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f
subinacl /subdirectories %SystemDrive% /grant=administrators=f /grant=system=f
subinacl /subdirectories %windir%*.* /grant=administrators=f /grant=system=f
secedit /configure /cfg %windir%\inf\defltbase.inf /db defltbase.sdb /verbose

Save-As “reset.cmd” (yes, including the quotation marks) to C:\Program Files\Windows Resource Kits\Tools.

Now, Open My Computer and double-click the file you just created in C:\Program Files\Windows Resource Kits\Tools.

Wait for the program to finish running before continuing on (yes, it takes a while, that’s normal).

Download and install Windows XP Service Pack 3 (which, although on Microsoft’s servers, is noticeably absent from their website).

Welcome to Service Pack 3 🙂

Update: Don’t bother looking for Sp3 on Microsoft’s official website. Microsoft has pulled Sp3 for XP as well as Sp1 for Vista from their website due to

a compatibility issue between Microsoft Dynamics Retail Management System (RMS) and Windows XP SP3 and Windows Vista Service Pack 1 (SP1). Microsoft Dynamics RMS is a retail chain management solution for small and midsize customers.

Update: 5-16-08: Sp3 is now available through Microsoft’s Windows update as well as in their download center. It’s about time!

Windows XP Sp3 Has Arrived!

Windows XpMicrosoft has officially released Service Pack 3 as of this morning. I had heard from an unconfirmed source that they had only just finished and released it to partners one or two days ago. Although I couldn’t find anything on Microsoft’s website about Sp3 (maybe I’m just blind), I did find this link (md5sum: bb25707c919dd835a9d9706b5725af58) to download Sp3 directly. As always, remember: backup, backup, BACKUP before installing (see above post). 😉

Windows XP Sp3 Release Date

WinXpWhile doing some research online, I came across this bit of information from Neowin: Microsoft will make Sp3 for XP available for download by the general public April 29th. Sp3 won’t hit automatic updates until June 10th, however. More information from Neowin available here.

What’s the big deal about another service pack for an already aged operating system? How does as much as a 10% performance boost sound? One author even suggested that users should upgrade from Vista to XP Sp3. While last month’s Sp1 for Vista provided countless bug fixes, benchmarks have shown that overall performance is actually slower than pre-Sp1. The real-world user experience sometimes is far different from synthetic benchmarks.

If you’re curious about Sp3 for XP, I’d recommend you head over to Paul Thurrott’s Faq.

Oh, and a word of warning for those of you who would be tempted to try the Release Candidate 2 Refresh…Out of impatience, I tried installing this on my system, and after several failed attempts and a good deal of voodoo (aided by searching Google), I finally was able to.