Internet Explorer Flaw Could Lead to Big Bucks for Microsoft

Dennis Faas's picture

After the German and French governments cautioned against the use of its browser Internet Explorer (IE), Microsoft has issued a response that not only looks to reduce the amount of fear that has since surfaced because of the Chinese attacks on Google, but also hopes to land the company some added revenue in the process.

On their Security Research & Defense blog, Microsoft admitted that Internet Explorer 7 and 8 on Windows Vista and Windows 7 did include the flawed code that was exploited in the recent Google attacks, but the flaw only appeared to work against IE6 on Windows 2000 and Windows XP.

In other words, the presence of the code was evident on all IE browsers, but only IE6 running on Windows 2000 and XP was in danger of being compromised.

MS: Cashing In On Security Concerns

Microsoft used the above statement to stress the virtues of an newer version of Internet Explorer and even urged potential consumers to trade in their old operating system for Windows 7.

"As you can see, the client configuration currently at risk is Windows XP running IE6," the blog stated. "We recommend users of IE6 on Windows XP upgrade to a new version of Internet Explorer and/or enable DEP [Data Execution Prevention]. Users of other platforms are at reduced risk. We also recommend users of Windows XP upgrade to newer versions of Windows." (Source:

Microsoft Sends Mixed Messages

Microsoft's current relationship with IE6 and XP is said to be complicated. The company urges users to upgrade their outdated Microsoft applications, often citing security issues as being among the most important reasons to do so. Still, Microsoft will not cancel support for IE6, nor will it stop business add-ons like Windows XP Mode.

Newer Versions of IE, Windows Less Vulnerable

It is important to note that newer versions of Internet Explorer and later Windows releases are not completely invulnerable to the flawed code. Still, Microsoft is adamant in the fact that these newer applications will have "reduced the risk of exploit" because of mitigations to the overall platform like IE Protected Mode and Data Execution Prevention.

Microsoft has yet to issue a patch in response to the flawed code.

Rate this article: 
No votes yet