Yeah, just 2 weeks after support for XP is terminated, they suddenly "discover" this security flaw. The cynical part of me thinks they knew before XP support ended, just another way to force the purchase of newer software. With 20% of computers still running XP, they ought to fix this for XP users too.
Originally posted by 2.5: Is it safe to have I.E. installed but not use it? Or should it be somehow removed?
Most/all have no choice. IE runs many services like the Windows Update site, most/all MS Cloud services, etc.
No browser is much safer, if at all, than IE. Browsers themselves or plugins cause problems. All use Flash Player, and that has repeated zero-day bugs too. Adobe's Flash Player gets an emergency update (Computerworld, posted April 28, 2014 01:37 PM ET)
Disclaimer: Part of my job working for a smart metering firm involves wide-scale penetration testing of various applications for high security environments. So my statements below reflect only experience gathered by that testing. It is in no way to be construed as legal advice, and I do not take any responsibility for any actions you take in response to the information left below.
The Flash bug is part and parcel of the IE bug. The other issue is the vector markup language rendering engine IE uses. Unregistering VGX.dll will remove the second attack vector utilized in this situation. There are others via Java and ActiveX controls, but Flash and the VML vulnerabilities are the two biggest ones. This ZD is being patched quickly because it has an effect on so many versions of the browser and Windows as a whole. However, this should be everyone's wake-up to stop using IE in general. It's never been standards-compliant, the code-base has always been an amalgamation of flatly embarrassing flaws and inefficiencies, and really should be considered the red-headed step-child of the browser world to be avoided like it has every plague the human race has ever known. And some it has yet to discover. Microsoft is only now trying to save face by retroactively allowing XP to receive the patch as well.
Originally posted by Ravant: The Flash bug is part and parcel of the IE bug.
This time. Flash, Acrobat (Full and Reader), and other Adobe products have a long history of security bugs and affect 1, 2, or all browsers or w/o any browser. Acrobat has problems with and w/o any browser. Many sites are useless w/o the Flash plug-in and worse, many sites use Flash cookies to add to or bypass browser cookie rules.
Same for Java... I got tired of one ZD bug after another so I dumped the old menu. The menu I use now works even when J-Script is off. My main system hasn't used Java ever since. Not even installed. (Reminder to everyone... If you used Java only to access my cave, then remove Java.)