Folks, one of our customers has an IT admin guy who is a Linux fan and runs a farm of Linux servers. He has the typical cultural anti-Microsoft bias that I'm sure we encounter now and then. Not normally a problem, but he's forwarding around scary emails warning of vulnerabilities in IE and Silverlight which could put our deployment at risk.
I became suspicious when yesterday he said something like "because IE is 'closer' to the operating system than other browsers, a flaw in IE makes Windows more vulnerable". This seems preposterous to me, and it's vague, but it pleases me to imagine that the User/Kernel mode boundaries between IE and Windows are no different than any other normal application. Anyway, in his email he links to these pages: http://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-19887/Microsoft-Silverlight.html http://cwonline.computerworld.com/t/8857906/669819191/656856/12/ I don't see anything particularly scary in these. It looks like a Silverlight app would have to be specifically crafted to be a threat (and I'm not intending to do that!). The other stuff about IE is just the usual stuff you see on quiet news days. Any comments anyone to help us slap this Linux guy down? *Greg K*
