Microsoft has issued an ‘out of band’ patch for the antique Internet Explorer 6 following ill-advised panic on the part of the German and French governments.
The hole in IE6 may have allowed Chinese hackers access to human rights activists’ Gmail accounts, and the official government warnings have sparked a leap in downloads for Firefox, recently revealed as the world’s least secure browser.
“Given the significant level of attention this issue has generated, confusion about what customers can do to protect themselves and the escalating threat environment Microsoft will release a security update out-of-band for this vulnerability,” said George Stathakopoulos, general manager of Microsoft’s trustworthy computing security group.
“We take the decision to go out-of-band very seriously given the impact to customers, but we believe releasing an update is the right decision at this time,” he said, adding that the only successful attacks to date were against IE6.
“We continue to recommend customers update to Internet Explorer 8 to benefit from the improved security protection it offers,” he added.
To say that there appears to have been a bit of media hysteria in the reporting of the vulnerability is something of an understatement. The problem stems from a vulnerability in Windows XP, specifically Windows XP using Flash Player 6 – which is currently on version 10. The problem is also specific to the Chinese language version of Internet Explorer 6, which is obviously in widespread use in France and Germany.
Governments are, of course, far better placed to speak with authority on matters of software security than are the companies that write the code. ‘Experts’ wheeled out from ambulance-chasing companies that make a living from selling security products, and who have absolutely no anti-Microsoft agenda whatsoever, should also be treated with a lorry load of salt.