MSIE Uber-patch Of The Month
mkraft writes "Microsoft released another security patch for Internet Explorer to fix 6 'new' vulnerabilities. Info on the patch can be obtained via download or Windows Update. Not sure what 6 things the patch fixed, but I'm assuming they fixed 6 of the 14 known exploits listed at http://jscript.dk/unpatched/"
Maybe not even all six -- the maintainer of the above URL claims in a post to Bugtraq that Microsoft got some facts wrong and "patched a symptom" of one of the vulnerabilities, "not its root cause," and that IE5 and IE5.5 remain unpatched with the same "Critical" vulnerability.
Also, please compare to previous MSIE Uber-Patches Of The Month:
December 2001, 3+? holes in IE;
March 2002, 2+? holes in IE;
April 2002, 2+? holes in Mac IE.
But the auto-patching that Windows XP does is great. We need it for Linux, both desktop and server.
I don't run XP (though my bro-in-law does, hates it, is going back to Win2K, a good move IMHO), but some features like what you describe would be nice if they're properly balanced and thought out.
I'd like the ability to assess what patches are needed, what they are supposed to do, and ideally be able to see the source code before I patch my servers.
The last thing I want my server to do is to "figure out for itself" that it needs to download some worm and then automatically go do it.
Rather, let me decide and then it's my fault if I download a worm.
One of the nice things about Linux in general is that it exposes its guts to you and lets you make as many decisions as you want about what to do with it and how to modify it. If you want to shoot yourself in the foot or shoot for the moon in a new way that works for you, then by all means go for it. Linux distributions won't be so arrogant as to presume that "they know better what's good for you".
You can see where it's difficult to judge the proper tradeoffs between ease and convenience on one hand, and security on the other hand. All those Outlook attachments have been more than sufficient evidence of how easily such judgement can be in error.
"Provided by the management for your protection."