Much has been written about the recent hack targeting Google, but somewhat lost in the shuffle is that the attack specifically targets Internet Explorer 6 on Windows 2000 and Windows XP. Based on their analysis of the attack, Microsoft’s Security Research and Defense blog urges users to upgrade to a newer platform or enable DEP (only available on Windows XP Service Pack 2 or later).
In their blog post, Assessing risk of IE 0day vulnerability, Microsoft outlines the potential impact on the main OS and browser combinations.
|
Windows 2000 |
Windows XP |
Windows Vista |
Windows 7 |
| Internet Explorer 6 |
Exploitable |
Exploitable (current exploit effective for code execution) |
N/A
(Vista ships with IE7) |
N/A
(Windows 7 ships with IE  |
| Internet Explorer 7 |
N/A
(IE 7 will not install on Windows 2000) |
Potentially exploitable (current exploit does not currently work due to memory layout differences in IE 7) |
IE Protected Mode prevents current exploit from working. |
N/A
(Windows 7 ships with IE |
| Internet Explorer 8 |
N/A
(IE 8 will not install on Windows 2000) |
DEP enabled by default on XP SP3 prevents exploit from working. |
IE Protected Mode + DEP enabled by default prevent exploit from working. |
IE Protected Mode + DEP enabled by default prevent exploit from working. |
In spite of this, Microsoft still has no plans to drop support for IE6, leaving it up to the individual to upgrade if they desire. Because of this, there are still many major corporations that have not yet upgraded from this now ancient browser – IE 7 was released over 3 years ago.
Even though this event is likely to not change their behavior, if upgrading the operating system is not an option, they should at least consider deploying Firefox and the awesome extension IE Tab for those times when they just have to use Internet Explorer.
Also – Google doesn’t get a free pass here. How is it that the maker of the most secure browser still has workstations running IE6?
Tags:
chrome,
dep,
google,
internet explorer,
microsoft,
security 
When you replace your computers, what happens to the data on them? With increased legal scrutiny and identity theft protections, it is important for you to know exactly what happens to the information on your end of life computers. Some companies prefer to keep this responsibility in-house, using tools like Blancco, KillDisk, or dBan. Software drive wiping can take a long time, and if you have a large number of machines to wipe, dedicating an employee to wipe drives can be costly. More »