Slashdot Mirror


Another Critical Microsoft Hole

gmuslera writes "Not was enough that recent vulnerability in IE that can run any program in an unpatched windows system. Now there is another related to an ActiveX control that can make IE and IIS to run any code in the system. The Microsoft solution? kill the related ActiveX control and replace it with a safe one. The Microsoft problem? As this control is Microsoft signed, any site can require it, upload it and replace the "good" one with the vulnerable one. The final recommendation from Microsoft? Don't trust/run ActiveX controls signed by Microsoft." Gimble points to the appropriate locations on Microsoft's website: "Another buffer overrun (that allows arbitrary code to be run) has been admitted to by MS, and it affects IIS and IE on clients (but not on XP), and they have a patch available here Security Hotfix for Q329414. The kicker is that a patched system can be rendered vulnerable again by a hostile web site or HTML email. The 'solution' from MS in Microsoft Security Bulletin MS02-065 recommends that you remove MS from the list of Trusted Publishers."

14 of 597 comments

  1. Re:He's right about the fonts by Rebel+Patriot · · Score: 5, Funny

    Why doesn't Microsoft wake up and just apply the "mozilla patch"? :^)

    --
    Slackware forever. Honestly, what else would you trust when it absolutely positively has to be stable, secure, and easy
  2. Re: Another critical Microsoft hole by T1girl · · Score: 5, Funny

    Not was enough that recent vulnerability in IE that can run any program in an unpatched windows system.

    Difficult to read this post is, hmmm?

  3. Re:Sound Advice by nougatmachine · · Score: 5, Funny

    I removed Microsoft from my "trusted publishers" list a long time ago ; )

  4. DOJ reaction by MosesJones · · Score: 5, Funny


    Today the DOJ announced that they would no longer trust Microsoft and had removed Microsoft from the list of companies it would allow to police themselves. This was done on Microsoft's advice as they felt they could not be trusted not to screw around like they had before.

    "Let's face it" said Bill Gates "asking us to police ourselves is like asking Dan Quayle to front a literacy program, it's just not a good idea"

    --
    An Eye for an Eye will make the whole world blind - Gandhi
  5. Re:More Bias by warrior_on_the_edge_ · · Score: 5, Funny

    It just makes us look like insecure teenagers

    Maybe we should apply the SECURE teenager patch I thought I saw somewhere....

  6. Re:This bodes well by kmellis · · Score: 5, Funny
    "There is no such thing as implicit trust, and if you think there is, please send me a blank check." - aphor
    Sure, just give me your address, and it'll be on its way.
  7. I find it amusing... by analog_line · · Score: 5, Funny

    ...that the only safe place to run a Microsoft browser is on an Apple Computer operating system.

  8. Re:Aaahhhh! by andrew_0812 · · Score: 5, Funny

    Wait a minute. You mean I can't trust Microsoft?

  9. Re:Sound Advice by RyoSaeba · · Score: 5, Funny

    Well yes, but now you run in the horrible paradoxical loop !!
    Suppose MS say that they shouldn't be trusted. Assume you think it's right, so you don't trust'em, so you believe THAT sentence is false ! Therefore MS should be trusted. So of course you must trust'em, and believe they shouldn't be trusted... And so on & on !
    Finally their claim is just another way to make your system / brain crash due to stack overflow...

    --
    Tsuyoikoto ha taisetsu da ne, dakedo namida mo hitsuyousa (Strength is an important thing, but tears too are necessary)
  10. Re:Oooo! He card read good! by gl4ss · · Score: 5, Funny

    beowulf cluster of yoda there are.

    karmasuicide2k2

    --
    world was created 5 seconds before this post as it is.
  11. Click...refresh...huh? by CodeShark · · Score: 5, Funny
    'xcuse me -- thought I'd pulled a Rip Van Winkle and woke up just in time for a Malda & Co. April Fools Joke.....Microsoft admitting that content from Microsoft can't be trusted?

    --note to self--

    Consider buying stock in proposed Hades Ski and Ice Skating resort... it must be getting real cold down there about now, somewhere between slushy and completely frozen over.

    --
    ...Open Source isn't the only answer -- but it's almost always a better value than the alternatives...
  12. In other news... by pixelated77 · · Score: 5, Funny

    Microsoft has warned about a security hole in Notepad. While Microsoft prepares a fix, it advises that we all use EDLIN in the meantime.

  13. Great solution, what about SPAM? by insac · · Score: 5, Funny

    (...)
    "The simplest way is to make sure you have no
    trusted publishers, including Microsoft. If you do
    that, any attempt by either a web page or an HTML
    mail to download an ActiveX control will generate a warning message."
    (...)

    We could use this idea also with SPAM. Why use Bayesian filters (that aren't still 100% safe)? We could open every single message and decide if it is SPAM or not. If it is SPAM we can then delete it... it's easy!!

    This message doesn't need a signature

    --
    This message doesn't need a sig
  14. Re:Sound Advice by DarrylM · · Score: 5, Funny

    Ahh, It's all coming clear... Microsoft is using A.L.I.C.E. now!

    Microsoft1: All things you need to trust are from Microsoft.
    Microsoft2: But all things are not always me need to trust are from Microsoft.
    Microsoft1: Umm. But all things are not always are not always you need to trust are from Microsoft.
    Microsoft2: Interesting. But all things are not always are not always are not always me need to trust are from Microsoft.
    Microsoft1: Interesting. But all things are not always are not always are not always are not always you need to trust are from Microsoft.
    Microsoft2: Huh. But all things are not always are not always are not always are not always are not always me need to trust are from Microsoft.
    Microsoft1: Huh. But all things are not always are not always are not always are not always are not always are not always you need to trust are from Microsoft.
    Microsoft2: Umm. But all things are not always are not always are not always are not always are not always are not always are not always me need to trust are from Microsoft.
    Microsoft1: And. But all things are not always are not always are not always are not always are not always are not always are not always are not always you need to trust are from Microsoft.

    etc.

    :-)