Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: IE8 after KB2530548 and KB2544521

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as locked.
Bundaburra IE8 after KB2530548 and KB2544521
Member 15th Jun, 2011 05:25
Ranking: 0
Posts: 21
User Since: 18th Feb, 2008
System Score: 100%
Location: AU
After application of these two patches, which were in the June Microsoft updates, is IE8 still considered to be insecure?

This user no longer exists RE: IE8 after KB2530548 and KB2544521
Member 15th Jun, 2011 14:19
Hi,

The PSI is a Security Patch checker.

This implies that, when you have installed all Security Patches, the PSI will show you as Secure, since there are no further actions you can take to obtain a more secure status (Or at least, any simple actions, done automatically by the PSI and supported by Secunia, such as patching. There are often workarounds on our advisories, which as such are not supported and only recommended for advanced users).

However, Secunia is aware that particularly browsers are not always secure even if you apply all patches. There is a threat from particularly unpatched vulnerabilities, and especially in browsers and their plugins.

Therefore, we provide a Secure Browsing page in the PSI. In the PSI 2.0 you can enable this site on the settings page.

This site will then allow you to determine the security status of each browser on your system, including the prescence of unpatched vulnerabilities. While you cannot as such do anything to rectify these, you can make an assesment which of the browsers on your system you consider secure, or which plugin you would want to disable.

The feature is only recommended for advanced users, and keep in mind that the vulnerabilities shown on this page are not fix - and as such Secunia can't do anything to help you solve the security problems.

Hope this helps.
Was this reply relevant?
+0
-0
Bundaburra RE: IE8 after KB2530548 and KB2544521
Member 17th Jun, 2011 00:42
Score: 0
Posts: 21
User Since: 18th Feb 2008
System Score: 100%
Location: AU
Thanks for the explanation.

The reason I asked about this was that I have applied the two patches mentioned, and after that I ran the Secunia scan. After the scan, IE8 is still listed under "secure browsing' as not secure. When I look at the advisory, SA24314, it says it was last updated on 2009-05-12, which is obviously way before these latest patches. Therefore I wanted to know whether the vulnerability mentioned in SA24314 has in fact been subsequently fixed. Your explanation of the mechanism is fine, but does not answer my specific question.

As there have been various patches for IE8 since 2009-05-12, is that advisory now out of date, and is IE8 in fact now "safe" to use?
Was this reply relevant?
+0
-0
Maurice Joyce RE: IE8 after KB2530548 and KB2544521
Handling Contributor 17th Jun, 2011 01:45
Score: 11792
Posts: 9,036
User Since: 4th Jan 2009
System Score: N/A
Location: UK
I have commended on this thread which may be of interest to U.

http://secunia.com/community/forum/thread/show/974...

I would still leave this thread open for possible comment by Secunia Support.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+1
-0
This user no longer exists RE: IE8 after KB2530548 and KB2544521
Member 17th Jun, 2011 09:26
Hi,

Vulnerabilities do not become less dangerous after a long time. Quite the contrary, as the vulnerability become more known, malicious 'hackers' can find new ways to exploit it.

When an advisory puts a program in the insecure category, this is true. Unless there is any specific evidence that the vulnerability is fixed (or our tests show that it is), it will be considered insecure indefinitively.

Contact Microsoft for a resolution if this concerns you. The more people add pressure, the more likely it is they will budge and fix it.

hope this helps.
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability - Disclaimer