|
Title: SECURITY: Microsoft's April security updates now available Post by: Trippy on April 10, 2007, 06:23:06 PM Microsoft's regular monthly security updates are now available. Includes the animated cursor fix that was discussed here (http://forums.f13.net/index.php?topic=9731.0) plus 4 other Critical security fixes. Fun for the whole family!
http://windowsupdate.microsoft.com/ or http://www.microsoft.com/technet/security/bulletin/ms07-apr.mspx Edit: here's a nice summary of the updates from SANS: http://isc.sans.org/diary.html?storyid=2598 Title: Re: SECURITY: Microsoft's April security updates now available Post by: Yegolev on April 10, 2007, 09:08:53 PM Went to the update site for the first time since Moses began shaving, now that I have a legit key, and I think it's pretty disingenuous to put IE7 in the High Priority section. Also got the .NET 3.0 since I don't think I had any .NET at all after the reinstall.
Title: Re: SECURITY: Microsoft's April security updates now available Post by: Trippy on April 10, 2007, 09:12:29 PM It is to a certain extent except that many of the recent security problems with IE 6 don't affect IE 7. You can also "hide" that selection so that it doesn't show, though you will get a warning that you've hidden an update from then on.
Title: Re: SECURITY: Microsoft's April security updates now available Post by: Yegolev on April 10, 2007, 09:15:22 PM Well, I suppose the security improvements to IE7 apply to IETab in Firefox? Because that would be tolerable.
Title: Re: SECURITY: Microsoft's April security updates now available Post by: Trippy on April 10, 2007, 09:22:30 PM Well, I suppose the security improvements to IE7 apply to IETab in Firefox? Because that would be tolerable. Not sure how IETab works and whether or not IE 6 components (i.e. shdocvw.dll and mshtml.dll) can still co-exist on a system with the IE 7 equivalents after IE 7 is installed.Title: Re: SECURITY: Microsoft's April security updates now available Post by: Lantyssa on April 10, 2007, 09:46:31 PM I haven't looked at the inner workings, but a brief glance at it looked like it simply launched IE within the browser window. I imagine it is susceptible to anything IE is if you are running in that mode.
Title: Re: SECURITY: Microsoft's April security updates now available Post by: Yegolev on April 10, 2007, 09:52:05 PM It sure as hell lets the popups go nuts, just like normal IE. Only just started using it but I think Lantysser is right.
Title: Re: SECURITY: Microsoft's April security updates now available Post by: Trippy on April 10, 2007, 10:08:06 PM IE 4/5/6 is just a "wrapper" around shdocvw.dll which itself is a wrapper around mshtml.dll. "Custom" IE browsers work by putting a different UI around shdocvw.dll. It's also how other applications can embed a Web browser into themselves -- they just use one of those DLLs. Now I'm not familiar enough with the architecture of IE 7 but I do know it doesn't use those two DLLs (hence the reason why it doesn't always share the same exploits). Googling around it does look like the new IE 7 DLLs do coexist with the IE 6 ones so the question is whether or not IETab has been updated to use the new IE 7 DLLs or if it's stuck with the old IE 6 ones.
|