Internet Explorer’s 284 day Vulnerability Saga
Anyone that uses Internet Explorer is only too aware of the regular updates released by Microsoft Central to patch over the latest critical flaws discovered in the browser.
According to an article by Brian Krebs in the Washington Post on Thursday reveals that Internet Explorer was generally vulnerable to attacks for more than 9 months of 2006. To quote from Brian’s article:
"For all its touted security improvements, the release of Microsoft's new Internet Explorer 7 browser in November came too late in the year to improve the lot of IE users, who make up roughly 80 percent of the world's online community. For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users.
In a total of ten cases last year, instructions detailing how to leverage "critical" vulnerabilities in IE were published online before Microsoft had a patch to fix them. "
The Table listing all the Internet Explorer vulnerabilities from when they first arose to their final resolution makes for disturbing reading. Not only is there a lot of overlaps in reported security holes, but in 4 cases Microsoft had to issue patches to fix 0 day flaws. In one instance an exploit was left unfixed for nearly 3 months!
Brian also made the comparison to Internet Explorer’s nearest competitor:
"In contrast, Internet Explorer's closest competitor in terms of market share -- Mozilla's Firefox browser -- experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem."
So are the hackers and identity fraudsters exploiting Microsoft for all its crimes or, because they are the most used browser – used by roughly 80% of the online world?
If the comparison of Browser Statistics at W3Schools.com is anything to go by, then the previous year’s events could prove to be worrying for Microsoft. From December 2005 – when all the problems began. IE5-6 usage totaled 74.5%. On November 2006, IE version 5-7 totaled 59.9%.
Whereas since its release at the end of 2004, FireFox has steadily risen over the last 2 years to 29.9% in November.
According to an article by Brian Krebs in the Washington Post on Thursday reveals that Internet Explorer was generally vulnerable to attacks for more than 9 months of 2006. To quote from Brian’s article:
"For all its touted security improvements, the release of Microsoft's new Internet Explorer 7 browser in November came too late in the year to improve the lot of IE users, who make up roughly 80 percent of the world's online community. For a total 284 days in 2006 (or more than nine months out of the year), exploit code for known, unpatched critical flaws in pre-IE7 versions of the browser was publicly available on the Internet. Likewise, there were at least 98 days last year in which no software fixes from Microsoft were available to fix IE flaws that criminals were actively using to steal personal and financial data from users.
In a total of ten cases last year, instructions detailing how to leverage "critical" vulnerabilities in IE were published online before Microsoft had a patch to fix them. "
The Table listing all the Internet Explorer vulnerabilities from when they first arose to their final resolution makes for disturbing reading. Not only is there a lot of overlaps in reported security holes, but in 4 cases Microsoft had to issue patches to fix 0 day flaws. In one instance an exploit was left unfixed for nearly 3 months!
Brian also made the comparison to Internet Explorer’s nearest competitor:
"In contrast, Internet Explorer's closest competitor in terms of market share -- Mozilla's Firefox browser -- experienced a single period lasting just nine days last year in which exploit code for a serious security hole was posted online before Mozilla shipped a patch to remedy the problem."
So are the hackers and identity fraudsters exploiting Microsoft for all its crimes or, because they are the most used browser – used by roughly 80% of the online world?
If the comparison of Browser Statistics at W3Schools.com is anything to go by, then the previous year’s events could prove to be worrying for Microsoft. From December 2005 – when all the problems began. IE5-6 usage totaled 74.5%. On November 2006, IE version 5-7 totaled 59.9%.
Whereas since its release at the end of 2004, FireFox has steadily risen over the last 2 years to 29.9% in November.
Labels: ie6, internet explorer 6
