Facts of Internet Explorer Vulnerability 2014
Following the recent Heart Bleed exploit, Open Source pundits have been scrambling and the press has capitalized on a slow news cycle to bash Microsoft. Here are the actual facts:
- On April 27, 2014, ZDNet published Microsoft discloses zero day in all versions of Internet Explorer. Debate raged in the comments about which platforms were more secure.
- The vulnerability is really from Adobe Flash. Windows systems without Adobe Flash installed are not vulnerable.
- Later on the same Sunday, Gizmodo published New Vulnerability Found in Every Single Version of Internet Explorer. The article incorrectly stated that Internet Explorer is only 26% of the browser market and Windows XP customers would be forced to pay exorbitant support. Out of touch comments exploded based upon these erroneous details.
- Secunia Browser Vulnerability Report for 2013 shows Internet Explorer with leading market share on Windows OS devices, less than half the vulnerabilities of the least secure browsers of Firefox and Chrome, and lowest percentage of unpatched systems of any manufacturer due to automatic Microsoft Updates.
- Search Engine marketers have recommended not using Adobe Flash for over 5 years, as it provides little information to be indexed. Industry sites like SEOWorks still advise against SEO & Flash Web Design. XP or any Windows user may simply uninstall Adobe Flash to avoid this vulnerability with little browsing impact.
- The last Internet Explorer vulnerability was reported October 9, 2013. IBM just discovered multiple Firefox vulnerabilities March 26, 2014. The latest Chrome vulnerability was published April 10, 2014.
It is an Adobe, IE, Windows comination that is unsafe. If it was just Adobe, why am I not affected on Linux? Nice try.
Tim – I get it. Platforms are religion. The point was that Flash has been out of favor for SEO a very long time and that other major browsers are twice as vulnerable. This issue is getting more hype than Heart Bleed, even though a small percentage of websites utilize Adobe Flash versus numerous Linux sites that use Open SSL. Thanks for the read and the comment, as no derision was intended toward Linux.