IT Trenches

Jan 21 2010   9:57PM GMT

Google Aurora attack focused on IE6 – does anybody do autoupdates anymore?

Troy Tate Profile: Troy Tate

Maybe you have heard about the recent news of the attacks against Google known as Aurora. If you haven’t take a look at the stories returned in the Google news search in the previous link.

What strikes me as interesting about this attack is that the focus is on Microsoft’s Internet Explorer 6. Internet Explorer 6 was released in August 2001. Internet Explorer 7 was released in October 2006. Internet Explorer 8 was released in March 2009. So, the recent attacks focused on a 8+ year old application that has been superceded by two full revisions. Didn’t anyone use automatic updates to update their IE? What kept people from updating IE?

I know that Microsoft has released an out-of-cycle update to address the vulnerability. This is a cumulative update for all currently supported of Internet Explorer. So, will this update get applied to at-risk systems? Hmmm… I wonder since it appears that there is little movement off of older versions of Internet Explorer. The attacks were on well known organizations (Google, Adobe, Juniper). Why would they still be using this older version of IE? It seems like this would raise questions about Microsoft’s penetration of newer operating systems like Vista which would be running IE7.

IE7 had issues with compatibility and html standards. IE8 is much better. Is the compatibility issue so significant that organizations stayed on IE6 rather than moving to IE7 and/or IE8?

Please share your thoughts.

Thanks for reading and let’s continue to be good network citizens!

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: