Domain: microsoft.com
Stories and comments across the archive that link to microsoft.com.
Comments · 34,132
-
Did I miss something?
Are you talking about a different demo than the one done after Bill Gates' CES keynote speech? Because in that demo the disc player seemed to work fine. Or did they go back and edit it?
-
Re:Microsoft Update
Pls note the link should go to http://update.microsoft.com/microsoftupdate Just going to the main site will bring you Windows Update, unless you've gone to Microsoft Update before. Yar, use your IE to go there.
-
Re:Dual boot laptopa) I can't work on Microsoft products like SQL Server on a Mac
Have you ever heard of Aqua Data Studio or thought of using MS Remote Desktop Client for OSX?
b) The Mac only has a few games, compared to the PCAre games really that important to you? But there are games like WOW, WCIII.WCIIIFT, Doom 3. Quake 4, UT2k3, UT2k4 etc...
We have less games but we also have less crap games as a result. Next time you troll make sure you try a little harder.
-
Re:Toastworthy Computing
Yeah AV *is* an extra cost. You're right there. You shouldn't have to update them manually though. Any good corporate AV solution will have systems for managing and reporting on AV deployments.
WSUS is a free tool from Microsoft for managing the testing and deployment of hotfixes.
Log files (IMO, the number one annoyance with windows systems) can be managed with scripts by using scheduled tasks, as can other mundane tasks like defragmenting. For Windows 2000 and NT4 which don't come with command line defragmentors there are free tools avaialable that will do the job. Email reports can be sent via email by piping (c:\maintenance.cmd >> c:\daily_report.txt) the output of your scripts to a textfile and using freely available command-line mailer tools to send them.
Security and other logs can be dumped to a freely available database automatically using freely avaiable tools.
One very valid complaint is that Windows doesn't come with these tools by default. Once you get everything together though, life becomes much easier.
I won't argue with you that UNIX is easier. An OpenBSD/Postfix box I set up about two years ago has not required a security patch yet, and if not for power outages and physical moves, would have two years of uptime right about now. -
Re:Adrift? Try sinking.
You may want to take a look at their quarterly earning reports. Last quarter alone they had a 9% increase in revenue (that's a 900 million increase, 10 billion dollars total revenue, just for the *quarter*). And with what? They've barely had any new software releases, and have had security issues with their OS's. But they are still going strong. I'd keep my eye on them in '06. They are having new releases of essentially every big property -- Office, Windows, Visual Studio, SQL, Xbox -- and are predicting double digit growth.
-
They have twisted the claims and missed the point.
The Linux claims stem from the fact that people take old hardware that is lying around, lying around because it has been abandoned and CAN'T run the latest Microsoft OS with office productivity suite, and see if they can get Linux to run on it.
I have a whole IT dept closet full of abandoned PC's, 486's, Pentiums, PII's that I WILL NOT TRY to run Windows XP SP2 and MS Office 2003 on, because it WILL NOT be usable after I spend what would probably be 6 hours getting everything installed.
I WILL NOT TRY it ALSO BECAUSE that hardware is WAY BELOW MICROSOFT's OWN DOCUMENTED HARDWARE REQUIREMENTS for WinXP. Now if I wanted to run Windows 3.1, or Windows 9.x, then yes it would be fine, but Microsoft doesn't SUPPORT those OS's anymore. They were abandoned, just like Windows XP will be abandoned when Windows Vista comes out. Not to mention there's NO WAY WinVista will run on that stuff, since it needs 512 MB JUST FOR THE OS!
http://www.microsoft.com/windowsxp/pro/evaluation/ sysreqs.mspx
http://www.microsoft.com/office/editions/prodinfo/ standreq.mspx
http://www.microsoft.com/technet/windowsvista/eval uate/hardware/vistarpc.mspx
Now take a PII Laptop with 96 MB of memory...
Remember per Microsoft's specs and experience, that's not enough for XP with Office 2003. But try loading the latest Suse Linux 10.0 with OpenOffice, and guess what... it didn't take 6 hours to install... only 1.5 hours, and it works and it is usable.
(Although it is below what Novell recommends, now that I just looked... http://www.novell.com/products/suselinux/sysreqs.h tml )
The fact is I can take some current Linux distro, and a current OpenOfice distro and make a legacy computer productively usable. This is because Linux and OpenOffice are open and people can do this and make their results available for others to use. And the OpenOffice installation can be included and done at the same time as the OS installation.
The fact also is that Windows is NOT open. I can not prepare simplified installations and share them. Each license owner has to do that themselves. No one can tweak and recompile the OS or the Office product to make it usable on older hardware. Its closed and up to the marketing whims of Microsoft to decide what Windows can and can not do...
Like Windows Vista... which will require 512 MB of memory, JUST FOR THE OS... -
They have twisted the claims and missed the point.
The Linux claims stem from the fact that people take old hardware that is lying around, lying around because it has been abandoned and CAN'T run the latest Microsoft OS with office productivity suite, and see if they can get Linux to run on it.
I have a whole IT dept closet full of abandoned PC's, 486's, Pentiums, PII's that I WILL NOT TRY to run Windows XP SP2 and MS Office 2003 on, because it WILL NOT be usable after I spend what would probably be 6 hours getting everything installed.
I WILL NOT TRY it ALSO BECAUSE that hardware is WAY BELOW MICROSOFT's OWN DOCUMENTED HARDWARE REQUIREMENTS for WinXP. Now if I wanted to run Windows 3.1, or Windows 9.x, then yes it would be fine, but Microsoft doesn't SUPPORT those OS's anymore. They were abandoned, just like Windows XP will be abandoned when Windows Vista comes out. Not to mention there's NO WAY WinVista will run on that stuff, since it needs 512 MB JUST FOR THE OS!
http://www.microsoft.com/windowsxp/pro/evaluation/ sysreqs.mspx
http://www.microsoft.com/office/editions/prodinfo/ standreq.mspx
http://www.microsoft.com/technet/windowsvista/eval uate/hardware/vistarpc.mspx
Now take a PII Laptop with 96 MB of memory...
Remember per Microsoft's specs and experience, that's not enough for XP with Office 2003. But try loading the latest Suse Linux 10.0 with OpenOffice, and guess what... it didn't take 6 hours to install... only 1.5 hours, and it works and it is usable.
(Although it is below what Novell recommends, now that I just looked... http://www.novell.com/products/suselinux/sysreqs.h tml )
The fact is I can take some current Linux distro, and a current OpenOfice distro and make a legacy computer productively usable. This is because Linux and OpenOffice are open and people can do this and make their results available for others to use. And the OpenOffice installation can be included and done at the same time as the OS installation.
The fact also is that Windows is NOT open. I can not prepare simplified installations and share them. Each license owner has to do that themselves. No one can tweak and recompile the OS or the Office product to make it usable on older hardware. Its closed and up to the marketing whims of Microsoft to decide what Windows can and can not do...
Like Windows Vista... which will require 512 MB of memory, JUST FOR THE OS... -
They have twisted the claims and missed the point.
The Linux claims stem from the fact that people take old hardware that is lying around, lying around because it has been abandoned and CAN'T run the latest Microsoft OS with office productivity suite, and see if they can get Linux to run on it.
I have a whole IT dept closet full of abandoned PC's, 486's, Pentiums, PII's that I WILL NOT TRY to run Windows XP SP2 and MS Office 2003 on, because it WILL NOT be usable after I spend what would probably be 6 hours getting everything installed.
I WILL NOT TRY it ALSO BECAUSE that hardware is WAY BELOW MICROSOFT's OWN DOCUMENTED HARDWARE REQUIREMENTS for WinXP. Now if I wanted to run Windows 3.1, or Windows 9.x, then yes it would be fine, but Microsoft doesn't SUPPORT those OS's anymore. They were abandoned, just like Windows XP will be abandoned when Windows Vista comes out. Not to mention there's NO WAY WinVista will run on that stuff, since it needs 512 MB JUST FOR THE OS!
http://www.microsoft.com/windowsxp/pro/evaluation/ sysreqs.mspx
http://www.microsoft.com/office/editions/prodinfo/ standreq.mspx
http://www.microsoft.com/technet/windowsvista/eval uate/hardware/vistarpc.mspx
Now take a PII Laptop with 96 MB of memory...
Remember per Microsoft's specs and experience, that's not enough for XP with Office 2003. But try loading the latest Suse Linux 10.0 with OpenOffice, and guess what... it didn't take 6 hours to install... only 1.5 hours, and it works and it is usable.
(Although it is below what Novell recommends, now that I just looked... http://www.novell.com/products/suselinux/sysreqs.h tml )
The fact is I can take some current Linux distro, and a current OpenOfice distro and make a legacy computer productively usable. This is because Linux and OpenOffice are open and people can do this and make their results available for others to use. And the OpenOffice installation can be included and done at the same time as the OS installation.
The fact also is that Windows is NOT open. I can not prepare simplified installations and share them. Each license owner has to do that themselves. No one can tweak and recompile the OS or the Office product to make it usable on older hardware. Its closed and up to the marketing whims of Microsoft to decide what Windows can and can not do...
Like Windows Vista... which will require 512 MB of memory, JUST FOR THE OS... -
Re:Command line......
Windows has a command line interface that surpasses the functionality that GNU/Linux has.
http://www.microsoft.com/technet/scriptcenter/hubs /msh.mspx -
Tuning NT5+The only people who never mod their desktop seem to be the home users, most of whom still haven't figured out where QuickLaunch went in XP. Why that and the Address Bar are off by default I have no idea.
I've not used Linux significantly, but there are a number of "Window Managers" with low resource needs such as IceWM which can even be skinned to look like your favorite commerial OS.
Personally I prefer the "Windows Classic" theme in XP, as it takes up less resources. Microsoft also released the Media Center Theme for XP users, but it takes up about the same resources as the "Luna Theme."
If you want to get better performance out of a 2K/XP/+ system:
Disable unneeded services: Remote Registry Service and Messenger (there are more possible)
Disable System File Protection
Disable Visual Effects and Active Desktop
Disable "last access" timestamp on files.
-
Use a diagnostics wmf
You want to craft a wmf thats shows this url http://www.microsoft.com/technet/security/Bulleti
n /MS06-001.mspx to users in need of help. Might oper for more legal trouble though... -
Re:talk about a head start...
Microsoft is NOT launching the Urge, MTV is.
O RLY?
-
I wonder why MS and Mozilla ...
If cookies are bad why do browser makers include them? Maybe there are not all the bad?
Why the client-side data storage is so popular that even Microsoft embraced it more with its User-Data
http://msdn.microsoft.com/workshop/author/behavior s/reference/behaviors/userdata.asp
And why Mozilla brings it's persistent attributes to the world-famous secure browser?
http://xulplanet.com/references/elemref/ref_XULEle ment.html#attr_persist
And I ensure you that these things are more evil then the most evil cookie monster :-) Because people seeking for cookies will not check this things that theoretically may do the job well... ;-)
But what if they are not so bad? -
Re:Imitation is the sincerest form...
Apple's stuff had no intention for end users coding their own little applications there with a bit knowledge of HTML/Javascript.
In fact I had these little applications on my Amiga 500. One I remember was cloçk, analogue clock but it was again coded by Commodore and you couldn't say "Lets change that background".
Look at these http://widgets.yahoo.com/gallery/ , are they advanced C coders? Nope I don't think so. The thing is small "widgets" which can be created with limited programming language knowledge on readable format.
So the excuse of Apple is not very valid in fact. You know what? They will kill me for saying it but I think Microsoft Active Desktop is the "thing" shipped in IE 4.0 times is in fact invented small desktop html applications.
There it is: http://www.microsoft.com/windows/ie/previous/galle ry/default.mspx
It was never too popular since those times nobody had the memory to happily keep them running. -
Re:Mud Wiggle saith
I hope the Wine team has a flux capacitor.
-
The traditional "joke", with a twist?
For WINE users, here's a patch.
Wow, I could never imagine this time would come, after all those here's a patch jokes! -
Re:Patch doesn't work for me
Go here, with any browser type http://www.microsoft.com/downloads/details.aspx?f
a milyid=0C1B4C96-57AE-499E-B89B-215B7BB4D8E9&displa ylang=enI collect the worst patches and utilitites with Firefox on Linux and make myself a 'Windows Bugspray' CDROM, which I then use to fix client's PCs.
-
Re:Weird error
-
Re:Microsoft can boost your notariety
Who else would use clipart so haphazardly but those two groups?
I can think of only one poor soul who is no longer with us....Clippy :(
http://www.microsoft.com/presspass/features/2001/a pr01/04-11clippy.mspx -
Get in line of FO
According to the "download from the Windows Update site" link, Microsoft doesn't want me to update:
"To use this site, you must be running Microsoft Internet Explorer 5 or later.
To upgrade to the latest version of the browser, go to the Internet Explorer Downloads website."
I guess Firefox isn't good enough. -
Re:From the Interview...Also, didn't any of the original developers think of this when they wrote it or did they think the exploit was so remote, that it'll never happen?
I guess they thought the chances were remote, because when MS were doing their security review and subsequently made their GDI vulnerability detection tool available, it was not designed to pay attention to this vulnerability. I wonder if they have updated the tool?
-
Actual link to the MS-official patches
-
Microsoft Update
I think the
/. post should link to Microsoft Update and not Windows Update. Microsoft Update will patch MS Office and other products as well as Windows. It's one step closer to "apt-get update; apt-get upgrade". -
Re:The numbers are unimportant
That sounds great and all, but do you have any idea of the complexity, and therefore cost involved? Ever tried to debug something consisting of 10000 lines, let alone something the size of an OS?
Interestingly there was just an article about exceptionally low defect rates for software, with cases running from a mere 10,000 up to almost 200,000 SLOC, all done for very reasonable time frames and costs. That, of course, is still signficantly less than the complexity of, say, the entire Linux kernel - but then no one said the whole thing had to be perfect, why not just start with the critical parts? Does it matter if every single obscure device driver is perfect? Under the circumstances that's forgivable, and porbably isn't so important. Making sure the core parts are exploit free using solid techniques does make some sense though. There are such projects underway - see Coyotos and Singularity.
a better goal is to ensure that when bugs are found they have minimal impact (like ensure users aren't running as root)
Indeed, but we can do better than this - there are more modern architectures for isolating problems, and they are available right now in Linux, SELinux being the most visible example. The problem is that right now applications often aren't written to respect, or take advantage of the benefits SELinux offers, so the improvement just isn't that great (a very loose policy is required). That is to say Linux is in a state with SELinux similar to where Windows is with Administrator accounts: the technology is there, and if used would represent a huge step in improving security, but because of lagging applications and users it's failing to take the required steps to e more secure.
Jedidiah. -
Re:Showmanship and Attention to Detail
If you really want to appreciate Steve Jobs, watch Wednesday's Bill Gates keynote at CES 2006. At one point he tactlessly suggests that the weather could have been Time's Person of the Year if there had just been one more hurricane, and his presentation is so full of filler words ('um' and 'aw') that you wonder if he ever even practiced. Then the project manager for Vista gets up and tells us he is "super" excited. Puleeze.
-
Try the EULAUnfortunately, I think the blame lies at least in large part with the consumer.
I think the "exclusion of warranty" terms that are common to most EULA's may be more at the heart. The typical consumer who has a problem will eventually run into this, and be forced to spend an insane amount on legal fees to get the EULA invalidated as unconscionable, or (more likely) give up in disgust.
Perhaps there would be an impact from a federal law stating that software makers whose license terms are found unconscionable in court must notify all registered users of the software of that ruling....
-
Censorship is a Unique Element of an Oligarchy
"MSN is committed to ensuring that products and services comply with global and local laws, norms and industry practices. Most countries have laws and practices that require companies providing online services to make the Internet safe for local users. Occasionally, as in China, local laws and practices require consideration of unique elements," the representative said.
I am sure George Orwell's '1984', Aldous Huxley's 'Brave New World', and even Bill Gate's 2005 article 'The New World of Work' would be banned as well.
http://www.microsoft.com/mscorp/execmail/2005/05-1 9newworldofwork.asp
Quote: "Improving personal productivity: One consequence of an "always-on" environment is the challenge of prioritizing, focusing and working without interruption. Today's software can handle some of this, but hardly at a level that matches the judgment and awareness of a human being. That will change -- new software will learn from the way you work, understand your needs, and help you set priorities." (Bill Gates 5-19-05)
Unless you live in China. -
Re:How bloody typical ..........No you don't. I used Firefox and went to http://www.microsoft.com/technet/security/bulleti
n /ms06-001.mspx and had no problems downloading the update.Look, if you think it's crap, then why are you using it? If you don't like it, stop your incessant whining and do something about it. Go to Linux RH or buy yourself a Mac. Then you can go flood the Mac/Redhat boards with your complaints.
-
Re:Automatic Verification Systems?Here's the manual for one. (large PDF) I and some others developed this in 1981-1983. Back then, it took 45 minutes to grind through the verification process for a 500-line program. I used to demo this by showing people a verified program and letting them put in a a bug, then watch the verifier find it.
Years later, a somewhat similar verifier for Modula III was developed at DEC Western Research Labs, but it died with DEC.
Microsoft Research is now developing something called Spec#, an extension to C# for formal verification. Much of the effort there focuses on object consistency, and, for the first time, somebody is finally handling the consistency issues associated with object call-out and callback. (This is badly needed in the Microsoft world, where the GUIs call round and round and back in, without proper theory to support that.)
-
Re:non IE link please
Yes this was also in another post, but here you go:
http://www.microsoft.com/technet/security/Bulletin /MS06-001.mspx
I was able to download the XP and 2000 patches just fine with Firefox from that link. -
Re:maybe in another lifetime
I RTFA to the point where they started putting restrictions on languages of choice and then I stopped. I don't disagree. I just realize the article applies less to my work than I thought.
Well there are options you can take that aren't the whole hog of SPARK Ada with it's restrictions and formality. If you just want to make things clearer and get some of the benefits then for Java there's JML which provides similar annotation syntax to SPARK and comes with some freely available tools to convert annotations into JUnit tests, runtime assertions, and include them in JavaDoc documentation. There's also ESC/Java2 which provides extended static checking based on JML annotations.
If you are using C# then there's Spec# which, again, provides similar annotation and basic tool support to C#, kindly provided by Microsoft. If you're using C++ mostly there's C2, or if you don't want payware then you could look into D which provides Design by Contract - it is a language shift, but not too huge a one. Then there's always Eiffel.
If you are more of functional programmer then there's Extended ML or HasCASL which both seek to being some of the benefits of algebraic specification to functional languages (in this case Standard ML and Haskell).
So all up you aren't as pinned to a language as it might first appear - depending on how important correctness is there are a variety of options in a wide variety of languages.
Jedidiah. -
Re:Reactive vs Proactive
it co-exists well with Ilfak's unofficial patch as well as the REGSVR32 workaround.
And if you did the REGSVR32 workaround, you can now get back the functionality of Windows Picture and Fax viewer.
Click Start, Run, Type "regsvr32 %windir%\system32\shimgvw.dll" (without the quotation marks) then OK.
This info was kind of buried here. -
Re:2000, XP, 2003, but no 3.10, 3.11, 95, 98, or M
Microsoft's policy is that they will only release critical patches for 9X/ME systems because they have EOLed them. Their study of the vulnerability found that while those systems are vulnerable, that it is not critical because no attack vector has been identified. Whether or not you trust their assessment is another question, but that's why there's no patch for them. See questions 2, 3, and 4 in the FAQ.
http://www.microsoft.com/technet/security/Bulletin /MS06-001.mspx
I suspect 3.x is the same, but really, if you're using 3.10 as a desktop... -
Re:and millions of /.'ers groan...
I went here for using firefox, followed a few links, and was allowed to download and install the patch:
http://www.microsoft.com/technet/security/Bulletin /ms06-001.mspx -
Re:Reactive vs Proactive
It's easy for admins to plan their downtimes unless they have windows update run automaticaly every day or sometinh - there is even a tool that lets admins collect patches and roll them out locally on a schedule (although it needs a dedicated machine and insane amounts of resources... the minimum is 512MB and it isn't happy in less than 1GB, so many admins understandably can't run it due to hardware/budget limitations).
-
MS: "vulnerability is not critical"
"Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by one or more of the vulnerabilities that are addressed in this security bulletin?
No. Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, the vulnerability is not critical because an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions."
from
http://www.microsoft.com/technet/security/Bulletin /MS06-001.mspx
Oooooooh boy, I feel for those folks that have older machines... they're basically fucked. MS doesn't even call this "critical". -
Case Studdies
Great you have done a Case study on me..
SO Now EVERYONE know what i'm running and what i may or may not be Vulnerable to.
I wouldn't doubt that Xerox and rest called MS and Blew their top.
Not to mention you can just goto http://www.microsoft.com/resources/casestudies/ for a list of targets
We are a smaller shop we have about 100 desktop/servers. I called and voice my oponion in a calm and Firm fashion. I guess ALOT of others did as well. -
And now for the "for Nerds" part of the articleFrom the bulletin:
The change introduced to address this vulnerability removes the support for the SETABORTPROC record type from the META_ESCAPE record in a WMF image.
So all of you out there with WMFs with SETABORTPROCs in your META_ESCAPE records, beware!
(Not sure what I just said.) -
Does *not* require Internet Explorer...Thank you for your interest in obtaining updates from our site. To use this site, you must be running Microsoft Internet Explorer 5 or later.
Funny, yes, but not true. The patch is available here:
http://www.microsoft.com/technet/security/Bulleti
n /MS06-001.mspxJust downloaded it with Firefox. It's just Windows Update that requires IE.
-
2000, XP, 2003, but no 3.10, 3.11, 95, 98, or ME?
I'm only getting hits on 2000, XP, and 2003:http://www.microsoft.com/downloads/results.aspx?f
According to the Financial Times article highlighted at Drudge, Hyppönen said the vulnerability is supposed to hit "every Windows operating system since 1990".r eetext=KB912919So is there a patch for older versions of Windows?
-
Re:and millions of /.'ers groan...
Well the funny thing is that this exploit only affects Internet Explorer as well. So basically what they are saying is
They aren't "saying" anything. The Windows Update web app, as a requirement of the fact that it uses ActiveX, requires Internet Explorer. Nonetheless, not only is the patch rolling out right now via auto-updates, you can also download it directly.
In any case, even though I use Firefox and Opera for my day to day browsing, I really don't feel that threatened firing up Internet Explore for the purpose of connecting to Microsoft. -
Re:Not 2pm ET, but 2pm PT
It has been already released. Get it here(if you run Windows, that is) http://www.microsoft.com/technet/security/Bulleti
n /ms06-001.mspx -
MS Security Bulletin Link
Here's the actual link to MS's site that describes the patch: Microsoft Security Bulletin MS06-001
-
Re:actual interview went like this:
He could have answered:
Microsoft is releasing the following security bulletins for newly discovered vulnerabilities:
Microsoft is releasing the following security bulletin for newly discovered vulnerabilities:
Critical MS06-001 Microsoft Windows Remote Code Execution
Summaries for these new bulletins may be found at the following pages:
http://www.microsoft.com/technet/security/bulletin /ms06-jan.mspx
MS06-001
Title: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Affected Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of the bulletin for details about these operating systems.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating:
Restart required: Yes
Update can be uninstalled: Yes
More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin /MS06-001.mspx
PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST CURRENT INFORMATION ON THESE ALERTS. -
Re:actual interview went like this:
He could have answered:
Microsoft is releasing the following security bulletins for newly discovered vulnerabilities:
Microsoft is releasing the following security bulletin for newly discovered vulnerabilities:
Critical MS06-001 Microsoft Windows Remote Code Execution
Summaries for these new bulletins may be found at the following pages:
http://www.microsoft.com/technet/security/bulletin /ms06-jan.mspx
MS06-001
Title: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Affected Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of the bulletin for details about these operating systems.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating:
Restart required: Yes
Update can be uninstalled: Yes
More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin /MS06-001.mspx
PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST CURRENT INFORMATION ON THESE ALERTS. -
Re:actual interview went like this:
He could have answered:
Microsoft is releasing the following security bulletins for newly discovered vulnerabilities:
Microsoft is releasing the following security bulletin for newly discovered vulnerabilities:
Critical MS06-001 Microsoft Windows Remote Code Execution
Summaries for these new bulletins may be found at the following pages:
http://www.microsoft.com/technet/security/bulletin /ms06-jan.mspx
MS06-001
Title: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)
Affected Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) - Review the FAQ section of the bulletin for details about these operating systems.
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating:
Restart required: Yes
Update can be uninstalled: Yes
More information on this vulnerability is available at: http://www.microsoft.com/technet/security/bulletin /MS06-001.mspx
PLEASE VISIT http://www.microsoft.com/technet/security FOR THE MOST CURRENT INFORMATION ON THESE ALERTS. -
Not 2pm ET, but 2pm PT
The security update will be available at 2:00 pm PT as MS06-001. In any case, I'm glad to see Microsoft listening to customers and security advocates to release before the regular monthly patch date.
-
It's already out..
http://www.microsoft.com/technet/security/Bulleti
n /MS06-001.mspx
WSUS picks it up on synch so start deploying once you've tested it internally. 5 days early? Not bad. Not great, but an official patch is always welcome. Hats of to the SANS team for applying the pressure. It's unfortunate that they were not mentioned in the Acknowlegements section of the MS06-001 release notes. -
Re:Reactive vs Proactive
Patch has been released.
Get it here http://www.microsoft.com/technet/security/Bulletin /ms06-001.mspx
According to the folks at F-secure, it co-exists well with Ilfak's unofficial patch as well as the REGSVR32 workaround. Read their blog here. http://www.f-secure.com/weblog/archives/archive-01 2006.html#00000771 -
Why are BT mice and keyboards so damn expensive?
The subject says it all. You'd think they'd be cheaper since they are based on a standard platform with chips readily available.
But in reality you can get a basic cordless mouse for under $20, even a freakin' laser cordless mouse for $40, while you can't find a basic optical bluetooth mouse from a legitimate retailer for less than $60-70 and they are usualy $80+ in retail stores.
What is the deal?