Microsoft Notes Critical Security Holes in Windows, Office

Scoria writes "CNN is reporting that the infamous Microsoft has disclosed six critical Internet Explorer vulnerabilities, including some that would allow an attacker to execute arbitary commands. According to the relevant TechNet bulletin, a cumulative patch has been released to address them." Please be sure to read the EULA before installing the patch.

There is no EULA attached.

[iamsure]

For the quickfixes listed on the url, there is no EULA to install them.

No EULA

[Mr_Silver]

Please be sure to read the EULA before installing the patch.

I just installed it now (q323759.exe) and it didn't ask me to agree to anything. In fact the only question I got was "Do you want to install this update?".

For now, my PC is safe from Microsoft forced modifications (relativily speaking)

SSL Cert.

[zmalone]

Browsing through the Microsoft link (the first one is a puff piece), it looks as though they still havn't patched the SSL certificate problem in IE/Windows. Will we have to wait until the next multiple security hole patch, or will they release it seperatly?

Re:Sad state of affairs....

[Oztun]

I'm sure some people raised there hands. Now if those people found a hole some would share it with the rest of us. Get it yet?

Oh and I work on my own car and go through source code in my spare time so your points don't work much on me. I don't trust M$ nor mechanics.

BTW a friend works at Jiffy Lube and always has interesting stories on how the boss makes him take suckers to the cleaners.

How it happened not really relevant

[Goonie]

The OpenBSD project's FTP server doesn't run on OpenBSD, so the details of how the hack happened aren't that relevant to OpenBSD's security.

Read the OpenBSD FAQ for the details of why the FTP server isn't an OpenBSD box, but IIRC it's basically because it's a donated box and bandwidth from a university, and beggars can't be choosers.

Not to mention remote root on SQL Server

[daveaitel]

Running a fully patched SQL Server or Exchange 2000 (a full time job in itself), check out: http://www.immunitysec.com/vulnerabilities/ :>

-dave

Re:News for Nerds, Twisted to Make MS Look Evil

[shepd]

>The fact of the matter is Windows is the most common target of hackers. They occasionall find stuff, it gets fixed.

No, the fact of the matter is that the oldest security hole still present in internet explorer is over...

2 years and 2 months old.

Look, if they ACTUALLY fixed their OS (and by OS I mean browser, which MS says is the OS) we wouldn't care. But, you see, since they don't care to fix their OS (and if you can't fix it in 2 years then you are one very pathetic uncaring company) then we will care to explain to others that they don't care.

Get it?

You can apply every security patch in the world, but IE is still lets any site read:

- Any and all of your files
- Run any code they please
- Upload files of their choosing
- Modify files they want to
- Delete files they want to
- Delete your BIOS so you can't boot up your computer
- Make your computer dial 911 constantly, tying up emergency systems
- Install viruses on your computer
- Make your computer do DDOS attacks
- Make your computer email bomb threats to the president under your name

All without warning you. And any amount of patching won't affect it.

Is that not serious enough? Do they need to set your computer on fire to make it serious enough? Does your computer have to reach out and throttle you before you see how serious it is?

Sheesh.

Re:Sad state of affairs....

[Ironica]

#4: Turn off all the stuff that shouldn't have been on by default to make the system run better and more secure.
#5: Download and install all the security patches you need.

So, there's another half an hour or so right there...

I've CAUGHT M$ stuff sneaking past ZA...

[Reziac]

I have personally caught M$ stuff going around ZoneAlarm on two occasions:

WinME, no patches, ZAPro; system had no modem, thus no internet connexion. ZAPro dutifully reported every attempt to connect (which a lot of programs try to do for one reason or another, usually innocently) ... until Frontpage98. My first clue was when FP98 whined about being unable to find the nonexistent modem. ZAP didn't make a peep.

Win98, no patches, ZA Amateur 2.63 (I think); system has moden and DUN configured in the usual way. HAD been well-behaved. Made the mistake of installing TurboTax this past April, and it forcibly installed IE5.5. Which FUBAR'd DUN. When I finally got DUN working again and went online, ZA *immediately* reported an attempt to intrude, from a M$ IP address (I whois'd it, so I'm sure), IIRC on a UDP port. Excuse me? What business does M$ have trying to get into MY computer? And since IE5.5 wasn't running per se (I only use Netscape online), clearly it had suborned Windows itself. And again, ZA didn't make a peep, tho it had always reported every other attempt to get in or out.

This is why I IEradicated IE5.5 [see 98lite.net] and reverted the system to IE5.0, which had never exhibited any underhanded behaviour (tho I don't let it out on the net, I only use it for checking my HTML locally).

And yes, there is a hardware firewall in my future, exactly because of this sort of security breach.

Quick installation

[totallygeek]

Installing Windows 2000 Professional is about three ten-minute jobs, separated by big gaps of free time to do other things.

Well, then setting up Red Hat takes even less time then with a kickstart diskette. Time: Put in disk and install CD, turn on computer, come back when it is done configuring everything.