dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
978

StuartMW
Premium Member
join:2000-08-06

3 recommendations

StuartMW

Premium Member

When Disabling IE6 (or Java, or whatever) is not an Option..

quote:
We're getting a whole lot of bad advice regarding the latest crop of vulnerabilities. Folks are saying things like "disable Java", or "Migrate away from IE6/7/8", or even "Migrate to IE10 or Firefox".

While these will certainly mitigate the current vulnerability, it's often not a practical way to go. If you pick the right week, almost anything could be your target "disable that" component - everyone has a zero day at one time or another. Specific to this week's issues, there are lots of business applications that are tied to older browsers - I've got a number of clients who have business critical applications that are tied to a specific version of IE (often IE6), or to a specific, old version of Java. Or if you still have a few thousand XP workstations, you're going to top out at IE8.

»isc.sans.edu/diary/When+ ··· n+/14947

goalieskates
Premium Member
join:2004-09-12
land of big

1 recommendation

goalieskates

Premium Member

Amen.