It's time to stop using IE6
If your organization still uses IE6 on Windows XP, just stop. Stop right now.
The market is filled with excellent alternatives to IE6, including Google Chrome, Mozilla Firefox, Opera. If you need to use IE6 for compatibility with certain websites, or applications, you have an alternative from Microsoft itself. IE6 was replaced with a new, more secure Internet Explorer 7 in October 2006, more than 40 months ago. And Internet Explorer 8 was released in March 2009, almost a year ago. Both browsers have great improvements in usability, including tabs, but the most important point is security. (not so, yeah :))
Any IT professional who allows Ie6 to be used in a corporate network is guilty of negligence. Think judgment is too harsh? Ask security experts at Google, Adobe and many other large organizations that are fighting off a wave of targeted attacks, which allowed the source codes and secret data to fall into the hands of well-organized attackers. What was the starting point? According to Microsoft, this is IE6 :
In the section “Mitigating factors”, the Microsoft Security Response Center in particular, notes that the exploit used in this case does not run under IE7 and IE8 in Windows Vista or Windows 7. You have another additional level of protection if you use IE8, even under Windows XP Service Pack 3, due to data execution prevention (DEP), which is enabled by default.
The accompanying message from Jonathan Ness, on the Microsoft Research Center Technical Team blog, is more explicit:
If your organization still forces you to use IE6 on Windows XP, send this message to your director, your CIO, and each member of the board of directors of your company. Do not forget to include this schedule:
')
Yes, this dependence will be corrected, probably in the coming days. But the next ones are just around the corner; perhaps the exploits are deploying right now. In 2010, when many alternatives are available, there is no excuse for continuing to use insecure Internet infrastructures.
Users of IE6, it is time to move on. Your IT staff has been whiter than three years to come up with an alternative to IE6. If they fail, maybe it's time to replace them as well.
Original article.
The market is filled with excellent alternatives to IE6, including Google Chrome, Mozilla Firefox, Opera. If you need to use IE6 for compatibility with certain websites, or applications, you have an alternative from Microsoft itself. IE6 was replaced with a new, more secure Internet Explorer 7 in October 2006, more than 40 months ago. And Internet Explorer 8 was released in March 2009, almost a year ago. Both browsers have great improvements in usability, including tabs, but the most important point is security. (not so, yeah :))
Any IT professional who allows Ie6 to be used in a corporate network is guilty of negligence. Think judgment is too harsh? Ask security experts at Google, Adobe and many other large organizations that are fighting off a wave of targeted attacks, which allowed the source codes and secret data to fall into the hands of well-organized attackers. What was the starting point? According to Microsoft, this is IE6 :
At this time, we realize that limited, targeted attacks are trying to exploit this vulnerability in Internet Explorer 6. We have not seen attacks on other versions of Internr Explorer.
[...]
New versions of Internet Eplorer, and then Windows releases with a reduced risk to exploits, which we observe due to a shrinking platform, are explained in the blog below.
In the section “Mitigating factors”, the Microsoft Security Response Center in particular, notes that the exploit used in this case does not run under IE7 and IE8 in Windows Vista or Windows 7. You have another additional level of protection if you use IE8, even under Windows XP Service Pack 3, due to data execution prevention (DEP), which is enabled by default.
The accompanying message from Jonathan Ness, on the Microsoft Research Center Technical Team blog, is more explicit:
I want one thing to become completely obvious. The attacks that we have seen so far, including publicly published exploits, affect only clients using Internet Explorer 6. As stated in the security advisory, while new versions of Internet Explorer are affected by this vulnerability, reducing factors exist that make exploitation much more difficult.
If your organization still forces you to use IE6 on Windows XP, send this message to your director, your CIO, and each member of the board of directors of your company. Do not forget to include this schedule:
')
Yes, this dependence will be corrected, probably in the coming days. But the next ones are just around the corner; perhaps the exploits are deploying right now. In 2010, when many alternatives are available, there is no excuse for continuing to use insecure Internet infrastructures.
Users of IE6, it is time to move on. Your IT staff has been whiter than three years to come up with an alternative to IE6. If they fail, maybe it's time to replace them as well.
Original article.
Source: https://habr.com/ru/post/81020/
All Articles