Patch Tuesday the second Tuesday of every month brings with it routine cumulative updates for the browser, sometimes addressing two- or three-dozen CVEs, most of which enable remote code execution and bypass some existing security mitigation. Microsoft, for its part, continues to roll out patches for IE at a near record pace. “The web browser on the other hand is of course used to constantly process data from potentially untrusted sources leaving users exposed to a wide range of attack.” “In most cases an attacker will need to already have access to a local network or be able to trick users into opening malicious files as part of a successful attack leveraging Windows XP vulnerabilities,” said Tripwire security researcher Craig Young. Given that browsers historically offer hackers a much juicier attack surface than operating systems, folks may want to take Tuesday’s deadline seriously. Researchers at Duo Security, examining traffic moving through their services, put the percentage a bit higher for IE 9 and 10-almost 36 percent-running on Windows 7, 8, or 8.1. , for example, says that while IE 11 holds more than 25 percent of market share, IE 8, 9 and 10 combined still account for more than 20 percent. Statistics from a number of sources bear out the fact that there remains a significant percentage of web traffic moving through IE. Microsoft made the call almost 18 months ago, giving businesses ample time to prepare for the day when those versions of IE, battered by zero-days, exploit kits and targeted attacks, should be retired.Įnterprises and midmarket companies reliant on homegrown web applications that were built for IE 8, 9 or 10 aren’t in any hurry for a costly retool of those programs to work seamlessly on IE 11 or the new Edge browser. Next Tuesday will bring the first batch of Microsoft security bulletins for 2016 and it will also herald the end of security support for Internet Explorer versions 8, 9 and 10 on some Microsoft platforms. The anticipated malware apocalypse, however, never really came for the remaining XP machines in circulation.Īnd now here we are again with another important Microsoft-imposed deadline at hand, and again anxiety is bubbling-but perhaps with good reason this time. Many envisioned black hats worldwide stockpiling exploits waiting for the day when XP machines would be left permanently exposed. Anxiety was high around Apwhen Microsoft officially closed the door on security support for Windows XP.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |