Slashdot Mirror

← Back to Stories (view on slashdot.org)

MSIE Uber-patch Of The Month

Posted by ryuzaki0 on from the windstorm-'97 dept.

mkraft writes "Microsoft released another security patch for Internet Explorer to fix 6 'new' vulnerabilities. Info on the patch can be obtained via download or Windows Update. Not sure what 6 things the patch fixed, but I'm assuming they fixed 6 of the 14 known exploits listed at http://jscript.dk/unpatched/" Maybe not even all six -- the maintainer of the above URL claims in a post to Bugtraq that Microsoft got some facts wrong and "patched a symptom" of one of the vulnerabilities, "not its root cause," and that IE5 and IE5.5 remain unpatched with the same "Critical" vulnerability. Also, please compare to previous MSIE Uber-Patches Of The Month: December 2001, 3+? holes in IE; March 2002, 2+? holes in IE; April 2002, 2+? holes in Mac IE.

6 of 357 comments (clear)

  1. I wish things were always so easy... by pubjames · · Score: 5, Insightful

    Warning! Positive comments about Microsoft ahead...

    I have Windows XP on my desktop and RedHat on my public server.

    I have grown to appreciate the way Windows XP patches itself. Frankly it is a bit of a pain in the butt having to apply patches to my RedHat server each month and I would be much happier if it could just do it itself, automatically, like XP does.

    I hate Microsoft. They're bastards. But the auto-patching that Windows XP does is great. We need it for Linux, both desktop and server.

  2. Microsoft is getting smart by mikosullivan · · Score: 5, Insightful
    The increased pace of security patches from MS may indicate that they're finally serious about security. If so, the OSS movement needs to be wary. Windows lack-of-security has always been a major harping point for the OSS movement. Yes, I'm glad for the windows-users of the world that their OS is getting better, but those of us who preach OSS to our colleagues and friends need to be aware that a major talking point may be going away. If MS really has decided that Security Counts, they've got pretty deep pockets to do something about it. Sun and IBM have both proven that the closed-source system can in fact produce pretty secure operating systems.

    Microsoft is a formidable opponent. They're very rich and very good at using those riches to get what they want. We need to avoid being smug.

    --
    Miko O'Sullivan
  3. They deserve to be flamed by Vicegrip · · Score: 5, Insightful

    Nobody else claims their browser is a key component of the operating system-- that it cannot be removed because its functionality is so interwoven into the operation of the system.

    Of course people are going to flame Microsoft for designing such a product with so many critical security holes which compromise their computer, making it part of the OS and then arrogantly refusing to give people the ability to remove it. At least I can un-install every other browser if I decide it doesn't suit me.

    You complain about people flaming Microsoft. I submit to you that if that corporation wasn't so arrogant, pushing its views and way of doing things onto everyone else then stifling the innovation of others, that people would be a lot more forgiving of mistakes.

    I have no sympathy. Not for this corporation. Microsoft made this bed, it can sleep it in now.

    --
    Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
  4. Browser wars by Jungle+guy · · Score: 4, Insightful

    These constant Internet Exploer fixes are a result from the "browser wars", when MS an Netscape competed to release their new browser every six new months or so. The rush prevented good code auditing, and several bugs were not wiped.
    Now that this "war" is over, I hope MS (and Netscape) make a good review of their browser before releasing it, and stabilize the existing code. If we are lucky, IE 7 will be shipped only in 2003 or 2004 - and by "we" I mean every internet user, for the bugs in IE helped the spread of annoying worms like Nimda and Klez.

  5. Re:how to get them (MSFT) to make patches that wor by talks_to_birds · · Score: 4, Insightful
    • "...Remember "Code Red" ? It was just like any other worm attack..."

    Bullsh*t.

    How come my firewall is *still* seeing 80+ Code Red/Nimda probes daily?

    Just like any other worm?

    You have no clue.

    The number of infected Micro$oft boxes out there is scarcely any less than it was six months ago, thanks mainly to clueless Micro$oft users...

    t_t_b

    --
    I'm on PJ's "enemies" list! Are you?
  6. MS (in)security and /. MS bashing by theolein · · Score: 5, Insightful

    I notice that everytime MS gets a negative posting here, which is often and to be expected, since this is a place where you don't have to fear any recriminations when posting negative MS articles (Rob Malda does not have to report to an editor in chief and explain why he's undermining the MS advertising on the site), A lot of people post a lot of anti-slashot commentaries about anti-MS bias etc.

    This is one of the few *very* public sites that I can go to and read public criticisms of MS, step by step. If I wanted to read what a fantastic job MS is doing with it's security and how it really is such a *fab* company, then I could either go to MS' site and read the marketing departments latest press releases or go to ZDNet and read commentaries by the zombies in their editorial department.

    I *want* to read extremely critical news here on /. Criticism keeps MS on it's toes and stops them from doing what they like with users' (including your) rights. It gives me a good critical counterclaim for every piece of anti-linux FUD that comes from MS.

    /. May often be wrong but they don't try to tell me how wonderful is and how I can just back and let MS handle all my problems.