 |
Microsoft today released an emergency patch for Internet Explorer versions back to version 5.01 to fix a gaping security hole that was being exploited so massively that security experts were recommending that people stop using Internet Explorer entirely until it was fixed. Since the bad guys were exploiting it before Microsoft knew it existed, the exploit is termed "zero day" because that is how much notice Microsoft got of the problem. It is also termed an "drive-by" exploit since a user could pick up a malware infestation by merely using IE to browse any of thousands of compromised websites. In short, it was really nasty stuff.
Here are the emergency patch details from Microsoft:
This security update resolves a publicly disclosed vulnerability. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6 Service Pack 1, and Internet Explorer 7. For information about Internet Explorer 8 Beta 2, please see the section, Frequently Asked Questions (FAQ) Related to This Security Update. For more information, see the subsection, Affected and Non-Affected Software, in this section.
…
Recommendation. Microsoft recommends that customers apply the update immediately.
Aside from the table of download locations listed at the above link, the emergency patch is also available through Windows Update and Microsoft Update.
Back in July, Microsoft indicated that there would be one more beta of Internet Explorer 8 and that the final version would ship before the end of 2008. Beta 2 was duly released in August, but yesterday, Microsoft’s Dean Hachamovitch revealed that based on the results from Beta 2, the new date for IE8 is sometime in 2009:
We will release one more public update of IE8 in the first quarter of 2009, and then follow that up with the final release. Our next public release of IE (typically called a “release candidate”) indicates the end of the beta period. We want the technical community of people and organizations interested in web browsers to take this update as a strong signal that IE8 is effectively complete and done. They should expect the final product to behave as this update does. We want them to test their sites and services with IE8, make any changes they feel are necessary for the best possible customer experience using IE8, and report any critical issues (e.g., issues impacting robustness, security, backwards compatibility, or completeness with respect to planned standards work). Our plan is to deliver the final product after listening for feedback about critical issues.
Hachamovitch wants concerned developers to download Beta 2 and wring it out, because Microsoft plans to make only the most critical changes to the release candidate before it ships.
Every Web developer wants IE8 to be solid, if only in self defense, but I can’t help but think that Microsoft is ill served by this monolithic release model while nimble Firefox ships updates and new versions at a furious pace. Perhaps Microsoft can adopt that model after they get IE8 out the door.
Microsoft’s Dean Hachamovitch today announced the availability of beta 2 of Internet Explorer 8. Prospective tire kickers can grab a copy at the Windows Internet Explorer 8 Home Page. Hachamovitch also lists new IE 8 features including reopening closed tabs, a "Smart Address Bar," and various safety and reliability enhancements.
Frankly, I have rather unwillingly given up on Internet Explorer 7 since it is such a lumbering behemoth particularly when using tabs. The only time I ever voluntarily open it is when I need to print a Web page (because the IE printing fidelity is superior to Firefox) and when I am checking how pages render in IE, since it is still the predominant browser and sets its own peculiar standard. In that regard, Hachamovitch reported that
IE8 is more interoperable with other web browsers and web standards. The contribution of CSS 2.1 test cases to the W3C is an important in order to really establish a standard way to assess standards support. We think that CSS 2.1 remains the most important place to deliver excellent interoperability between browsers.
…
After deciding to default IE8 to the most standards-compliant mode available, we wanted to be sure to address compatibility concerns for organizations and individuals. Would websites that expect IE8 to behave the way IE7 does create a problem for end-users? Since March, we’ve been telling developers about a small change they can make to their sites to tell IE8 to show their sites as IE7 does. Many have – but there are a lot of sites that may have not yet addressed this. The Compatibility View button (new to IE8 Beta 2) is a good solution to provide end-users a good experience as the web transitions.
It appears that Microsoft is really attempting to stuff the incompatibility genie back in the bottle which is all to the good, but the proof will be in the pudding on that and IE8 performance.
Update on August 8, 2008: Microsoft has released a convenient crib sheet listing the new features of IE8 beta 2.
Yesterday Microsoft held their annual Financial Analyst Meeting for 2008 and while you can view the full video and (nearly unreadable) transcripts of the presentations, it was mostly predictable fare. However, there were a few newsworthy nuggets::
Steve Ballmer (Chief Executive Officer)
"One last thing I wanted to also talk about is an extension of our Facebook relationship where we are extending it to Search and Page Search. We will be providing an API to Facebook where they will create a rich search experience, including a Web search for the Facebook users. And that’s something that they will launch in the fall, working with us, and it’ll carry both our Web results as well as our Page Search advertising."
Bill Veghte (SVP, Online Services)
We still have the possibility of doing a search transaction, which we think makes some economic sense. If I had a worry it’s the parallel paths continue, and about the time Yahoo decides that search deal makes sense for them is probably about the time that we have committed to our own plan so much that it may no longer make sense for us."
