Win7 Pre-beta中的IE是個(gè)定時(shí)炸彈

Win7之家（ afsion.com.cn）：Win7 Pre-beta中的IE是個(gè)定時(shí)炸彈

 從我的收件箱中可以看出，很多人都下載并安裝并使用了Windows 7 Build 6956。但是無(wú)論你怎么努力，都無(wú)法更新到最近微軟發(fā)布的有關(guān)IE的緊急安裝更新。

其實(shí)這就是從非官方渠道獲得軟件的弊端。你們下載的Windows 7是個(gè)隨機(jī)的“當(dāng)天版本”，只是在Windows 7正式版發(fā)布前眾多測(cè)試版的其中之一。任何可以獲得該版本的人（微軟員工，OEM合作伙伴，可信任的測(cè)試者）都可以輕松拿到更新的版本，而這個(gè)版本，才能正常更新到IE安全補(bǔ)丁。因此，微軟安全團(tuán)隊(duì)并沒(méi)有為泄露版本發(fā)放任何更新，就像當(dāng)初沒(méi)有為6952和6961發(fā)布補(bǔ)丁一樣。因此，如果你正在Windows 7  Build 6956上用IE8瀏覽網(wǎng)站，那么很有可能你將會(huì)受到攻擊。

附部分原文：

Judging by my inbox, lots of you downloaded a bootleg copy of Windows 7 build 6956 from BitTorrent, and now you have it running. But no matter how hard you try, you can’t update its built-in copy of Internet Explorer 8 with this week’s extremely critical out-of-band security update, which Microsoft turned around in record time.

That’s the downside of running software from unauthorized channels. You see, the build zipping around the BitTorrent tubes right now is a random “daily build,” one of many that was produced during the run-up to the upcoming beta release of Windows 7. Anyone who would have had authorized access to that build (Microsoft employees, OEM partners, a tiny corps of trusted beta testers) already has authorized access to more recent builds (including, rumors say, the final beta release itself) that can be updated with a supported version of this crucial IE8 patch. So, logically enough, Microsoft’s security team doesn’t release an update for that leaked version, just as it didn’t release an update for build 6952 or build 6961. As a result, you’re vulnerable if you visit a compromised website using the unpatched version of IE8.

...