
The advisory from yesterday (1/18/2010) at the Microsoft Security Response Center is a good read for anyone interested in the latest news on known exploits against Internet Explorer.

The bad news:

For IE 6, “attacks remain targeted to a very limited number of corporations and are only effective against Internet Explorer 6.”

The good news:

“…at this time, we have not seen any successful attacks against Internet Explorer 7. However, earlier today, we were made aware of reports that researchers have developed Proof-of-Concept (PoC) code that exploits this vulnerability on Internet Explorer 7 on Windows XP and Windows Vista.  We are actively investigating, but cannot confirm, these claims.”

The best news:

“We have not seen successful attacks on Internet Explorer 8.  We continue to recommend customers upgrade to Internet Explorer 8 to benefit from the improved security protection it offers.”

“So what are you saying, Kevin?”

I’m saying that you should get yourself and your companies standardized on IE 8 sooner rather than later, especially if you are still running Internet Explorer 6.  Do what you can to roll it out into production.  Help is available.

“But, why should I use IE at all?  Won’t I be safer with some other browser?”

In the sense that those browsers are simply TARGETED less often (because there are fewer of them out there), you might think so.  But they are not less vulnerable.  In fact, NSS Labs found that in some very important areas they were MORE vulnerable than IE8.