Last modified: 2012-09-20 12:46:02 UTC
According to a Microsoft Advisory, the browser software "Internet Explorer" allowes remote code execution in almost all currently deployed versions and operating systems. http://technet.microsoft.com/en-us/security/advisory/2757760 This should account for roughly 25% of our traffic at Wikimedia web sites. http://stats.wikimedia.org/wikimedia/squids/SquidReportClients.htm Couldn't we just upgrade those visitors' machines with a decent reliable browser, such as Firefox or Chrome or Opera, maybe with the help of framework software such as https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit? If applicable criminal law or established moral or ethical standards do not permit remote software upgrades via this path, we could at least consider displaying a warning for visitors to use one of the suggested strategies to deal with such a major browser security issue.
This has been discussed several times (last time that I am aware of is http://lists.wikimedia.org/pipermail/wikitech-l/2012-June/061070.html ) and outcome of discussion is that nothing like this is currently planned.