Author: mathias.schindler

Description:
According to a Microsoft Advisory, the browser software "Internet Explorer" allowes remote code execution in almost all currently deployed versions and operating systems. http://technet.microsoft.com/en-us/security/advisory/2757760

This should account for roughly 25% of our traffic at Wikimedia web sites. http://stats.wikimedia.org/wikimedia/squids/SquidReportClients.htm

Couldn't we just upgrade those visitors' machines with a decent reliable browser, such as Firefox or Chrome or Opera, maybe with the help of framework software such as https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit?

If applicable criminal law or established moral or ethical standards do not permit remote software upgrades via this path, we could at least consider displaying a warning for visitors to use one of the suggested strategies to deal with such a major browser security issue.

Version: unspecified
Severity: enhancement