Microsoft Notes Critical Security Holes in Windows, Office

Scoria writes "CNN is reporting that the infamous Microsoft has disclosed six critical Internet Explorer vulnerabilities, including some that would allow an attacker to execute arbitary commands. According to the relevant TechNet bulletin, a cumulative patch has been released to address them." Please be sure to read the EULA before installing the patch.

There is no EULA attached.

[iamsure]

For the quickfixes listed on the url, there is no EULA to install them.

No EULA

[Mr_Silver]

Please be sure to read the EULA before installing the patch.

I just installed it now (q323759.exe) and it didn't ask me to agree to anything. In fact the only question I got was "Do you want to install this update?".

For now, my PC is safe from Microsoft forced modifications (relativily speaking)

Re:News for Nerds, Twisted to Make MS Look Evil

[shepd]

>The fact of the matter is Windows is the most common target of hackers. They occasionall find stuff, it gets fixed.

No, the fact of the matter is that the oldest security hole still present in internet explorer is over...

2 years and 2 months old.

Look, if they ACTUALLY fixed their OS (and by OS I mean browser, which MS says is the OS) we wouldn't care. But, you see, since they don't care to fix their OS (and if you can't fix it in 2 years then you are one very pathetic uncaring company) then we will care to explain to others that they don't care.

Get it?

You can apply every security patch in the world, but IE is still lets any site read:

- Any and all of your files
- Run any code they please
- Upload files of their choosing
- Modify files they want to
- Delete files they want to
- Delete your BIOS so you can't boot up your computer
- Make your computer dial 911 constantly, tying up emergency systems
- Install viruses on your computer
- Make your computer do DDOS attacks
- Make your computer email bomb threats to the president under your name

All without warning you. And any amount of patching won't affect it.

Is that not serious enough? Do they need to set your computer on fire to make it serious enough? Does your computer have to reach out and throttle you before you see how serious it is?

Sheesh.

I've CAUGHT M$ stuff sneaking past ZA...

[Reziac]

I have personally caught M$ stuff going around ZoneAlarm on two occasions:

WinME, no patches, ZAPro; system had no modem, thus no internet connexion. ZAPro dutifully reported every attempt to connect (which a lot of programs try to do for one reason or another, usually innocently) ... until Frontpage98. My first clue was when FP98 whined about being unable to find the nonexistent modem. ZAP didn't make a peep.

Win98, no patches, ZA Amateur 2.63 (I think); system has moden and DUN configured in the usual way. HAD been well-behaved. Made the mistake of installing TurboTax this past April, and it forcibly installed IE5.5. Which FUBAR'd DUN. When I finally got DUN working again and went online, ZA *immediately* reported an attempt to intrude, from a M$ IP address (I whois'd it, so I'm sure), IIRC on a UDP port. Excuse me? What business does M$ have trying to get into MY computer? And since IE5.5 wasn't running per se (I only use Netscape online), clearly it had suborned Windows itself. And again, ZA didn't make a peep, tho it had always reported every other attempt to get in or out.

This is why I IEradicated IE5.5 [see 98lite.net] and reverted the system to IE5.0, which had never exhibited any underhanded behaviour (tho I don't let it out on the net, I only use it for checking my HTML locally).

And yes, there is a hardware firewall in my future, exactly because of this sort of security breach.