The Latest IE Debacle

In the water-is-wet department, IE has another enormous security hole that will destroy your machine and could possibly kill your dog.

You’ll find this news everywhere, but Slashdot has a pretty good summary. Basically it’s an exploit of a default data binding setting that will allow a hacker to grab information from your browser (read: passwords) or cause it to crash and execute arbitrary code. It seems to effect every version of IE, from 5 all the way to 8 beta, and every version of Windows. Microsoft currently has no fix, other than an admonishment to “be careful!”. Which is ironic, as careful people aren’t using IE in the first place. Plus, being careful doesn’t really help:

"The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough." Darien Graham-Smith, PC Pro
This is the 3rd outstanding 0-day attack flaw for Microsoft, after the last patch Tuesday which patched like 28 security flaws, the most in 5 years. Even for Microsoft, purveyor of epic security failures, it has been a bad month.

Most experts (read: everybody but Microsoft) are encouraging people to use a different browser - any different browser - until Microsoft can get IE patched. If you’re an IE user, it’s a good time to give Firefox or Chrome a shot. If you try another browser and feel the need to slap yourself for using IE all this time, I won’t try to stop you. Just don’t use your mouse hand.