Slashdot Mirror


Windows Vulnerabilities Revealed, Patched

Saint Aardvark writes "A big MS Windows remote vulnerability has just hit BugTraq. It concerns a buffer overflow in MS' DCOM, and affects Win2k through Server 2003; here's the security advisory from Microsoft. This is in addition to an earlier vulnerability concerning conversion from HTML to RTF - there's a separate security advisory from Microsoft for this one, and it affects Win98 and NT 4.0 through Server 2003. Patch early, patch often." There's also a CNET News story with a little more explanation on the newest vulnerability.

38 of 445 comments

  1. *G* by rylin · · Score: 5, Funny

    So much for homeland security ;)

  2. heh by Anonymous Coward · · Score: 5, Funny
    Microsoft admits critical flaw in nearly all Windows software

    ...The announcement came one day after the Department of Homeland Security announced that it awarded a five-year, $90-million contract for Microsoft to supply all its most important desktop and server software for about 140,000 computers inside the new federal agency

    1. Re:heh by Anonymous Coward · · Score: 3, Funny

      I don't think the Department of Homeland Security has anything to worry about. If you hack into Homeland Security then you must be a terrorist, and you will be pursued with great vengeance and furious anger, more than likely. With the Patriot Act also in existence, is there anyone brave enough to attack the Department of Homeland Security?

    2. Re:heh by Tony-A · · Score: 2, Funny

      As I have entirely too much that *is* important on my box, I'm not taking any chances. I'm not updating.

    3. Re:heh by Trusted+Content · · Score: 1, Funny

      lol

      --
      OMG OMG LUNIX OMG
  3. Poll: Tinfoil hat mode ON! by Atario · · Score: 4, Funny
    Why does MS come out with patches so often?
    1. To get you used to installing whatever they tell you to, you good little sheep
    2. To appear to be constantly updating, just like all those punk kids with their Open Source and their Rock and Roll Music and such
    3. To save money on testing costs
    --
    "A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
  4. Dupe by Anonymous Coward · · Score: 5, Funny

    We just had a story about a security vulnerability in Windows!

  5. Re:More info and POC ... by Anonymous Coward · · Score: 4, Funny

    No it was only two. The third vulnerability was introduced with the fix for the second vulnerability, then patched.

    That's how these security rollups work, right?

  6. Re:Conviently... by suss · · Score: 4, Funny

    ... discloded after they got the Homeland security account.

    Yeah, like it's a big secret that microsoft products are insecure... come on, it's not like they're stupid and/or oblivious at the department of Homeland Security, are they...?

  7. What do you know... by GMFTatsujin · · Score: 5, Funny

    The only thing that works correctly in Windows ME has finally been discovered.

    1. Re:What do you know... by 200_success · · Score: 2, Funny

      No, it just means that the exploit doesn't work correctly on Windows ME. =)

  8. Re:patch beat slashdot by Anonymous Coward · · Score: 4, Funny

    it's not that microsoft is getting better.... it just means that you're not checking slashdot often enough....

    shame on you! ;)

    now go to slashdot.org and practice hitting that 'refresh' button

  9. Vulnerability by Jason_says · · Score: 4, Funny

    *News Flash!! A new vulnerability through buffer overflow has been found on computers. The new vulnerability does not appear to affect Unix, Linux, BSD, or Mac users. This of course only leaves very few commercial operating systems left, but we will not tell you right out which OS that this buffer overflow directly relates to. Thank you and have a nice day.

  10. In other news.... by jinglecat · · Score: 1, Funny

    ....Reports confirm that the sun does, indeed, rise and set every day.

    ....Reports show that tomorrow will be Thursday the 17th of July.

    ....Reports illustrate that humans need Oxygen to breathe.

    ....Reports describe that this is OLD Microsoft news and is something to be expected and is not front page news-worthy.

  11. hah! by kritikal · · Score: 5, Funny

    "allow an attacker to take control of computers running any version of Windows except for Windows ME."

    all you people who said i was stupid for running windows me, look who's laughing now!

  12. Re:someting is wrong with this picture by tarquin_fim_bim · · Score: 2, Funny

    4) ????

    5) PROFIT

  13. Re:Conviently... by Anonymous Coward · · Score: 1, Funny

    I presume you meant convently discloding, i.e., removing earth in a manner typical of buildings where nuns live.

  14. Re:Poll: Tinfoil hat mode ON! by quantaman · · Score: 4, Funny

    Because software has bugs. That's what software is for.

    Hmm, and all this time I thought software was for doing work, silly me!

    --
    I stole this Sig
  15. one step ahead by fihzy · · Score: 5, Funny

    10) find big remote vulnerability in product
    20) perfect the exploit
    30) have fun with it for months
    40) find another big hole in same product
    50) perfect exploit for hole
    60) alert vendor about original hole
    70) have fun with new hole
    80) goto 40

  16. Windows Vulnerabilities Revealed, Patched by teamhasnoi · · Score: 3, Funny
    Tonight on Fox! Right after "That 70's Show", You will learn the secrets Windows developers don't want you to know!

    Jonathan Frakes explores the seedy world of Windows Vulnerabilities, on Windows Vulnerabilities Revealed, Patched!

    Tonight on Fox!

  17. Re:patch beat slashdot by FuzzyBad-Mofo · · Score: 4, Funny

    Ever consider that large portions of the Slashdot readership possibly have no need for the patch?

  18. This is very surprising by dtjohnson · · Score: 3, Funny

    Windows seems to have some security issues. Well, I'm sure that Microsoft fixed it.

  19. Re: WTF? by Black+Parrot · · Score: 2, Funny


    > No Borg icon? No wise cracks? What gives?

    The cracks are in the software; don't know about the other stuff.

    --
    Sheesh, evil *and* a jerk. -- Jade
  20. Yes, I run Windows! by coene · · Score: 1, Funny

    Yes, I run Windows on my desktops. And yes, I've stopped patching. I refuse. What's installed is exactly what comes off the CD. Got a problem with that, Microsoft?

    *hides*

    1. Re:Yes, I run Windows! by valkraider · · Score: 4, Funny

      What was your IP again?

  21. Oh no by Anonymous Coward · · Score: 1, Funny

    Do you really want to bring apple into this?

  22. Sure. by foobario · · Score: 5, Funny

    "The software giant issued a patch Wednesday morning to plug a critical security hole that could allow an attacker to take control of computers running any version of Windows except for Windows ME."

    Hell, even legitimate users of Windows ME can't take control of their computers...

  23. Windows Update by heli0 · · Score: 4, Funny

    Buffer Overrun In RPC Interface Could Allow Code Execution
    Security Update for Windows XP (823980)
    Download size: 1.2 MB, ~ 1 minute
    A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

    Unchecked Buffer in Windows Shell Could Enable System Compromise
    821557: Security Update (Windows XP)
    Download size: 5.1 MB, ~ 1 minute
    An identified security issue in Microsoft Windows could allow an attacker to compromise a Microsoft Windows-based system and then take a variety of actions. For example, an attacker could execute code on the system. By installing this update, you can help protect your computer. After you install this item, you may have to restart your computer.

    Could someone get them a copy of Secure Programming and highlight all of chapter 6 Avoid Buffer Overflow.

    --
    Whenever the offence inspires less horror than the punishment, the rigour of penal law is obliged to give way...
  24. Re:patch beat slashdot by MattCohn.com · · Score: 2, Funny

    Hah! I've got Opera, automatically refreshes the page every 5 seconds! Take that Slashdot! Take that E-Bay! No honey, I won't come to bed... I'm WORKING!

  25. The grandparent post, rewritten by Anonymous Coward · · Score: 2, Funny

    My good sir, of course this was for the backend and not for the desktop. In the future, kind anonymous gentleman, I ask that you prove your assertions. If you cannot do that, please do not participate in this educated discussion.

    Yours,

    A. Coward.

  26. LART! by AnotherScratchMonkey · · Score: 2, Funny
    But if you keep port 135 open on your DMZ boxes, you deserve to be hanged with a piece of CAT-5 cable.

    No, beat them with the CAT-5 o' nine tails instead!

  27. Re:winnuke all over again! by H310iSe · · Score: 2, Funny

    This particular failure affects an underlying Distributed Component Object Model (DCOM) interface, which listens on TCP/IP port 135.

    In a related story, the US Dept. of Defense today announced that since 'repeated threats to national security' have been associated with Ports 135-137 the Army has launched Operation Port Closure. Citing the same 'support for terrorists' clause they used on Afghanistan, they are terminating with 'extreme prejudice' anyone who harbors this nefarious port and the terrorists it breeds. Once locations are found, cruise missiles will be sent to ensure 'permanent port closure'.

    The president told the nation 'these ports are used by terrorists who hate freedom.' When he was informed the first cruise missiles fired hit the Department of Homeland Security he simply nodded his head knowingly. 'Even here, we must forever be on guard against freedom-hating port 135 lovers. Even here...'

    --
    closed minded is as closed minded does
  28. Yet another SCAM ? by stock · · Score: 3, Funny
    Oh my goodness: "Microsoft admits critical flaw in nearly all Windows software"

    "The announcement came one day after the Department of Homeland Security announced that it awarded a five-year, $90-million contract for Microsoft to supply all its most important desktop and server software for about 140,000 computers inside the new federal agency."

    http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2003/07/16/national1725EDT0732.DTL

    that last quote is on the bottom..

    Robert

  29. Re:Bad by EvilTwinSkippy · · Score: 5, Funny
    But if you keep port 135 open on your DMZ boxes, you deserve to be hanged with a piece of CAT-5 cable.

    Most network admins are too portly and would shear CAT-5 cable. Better to use Fiber-Optic cable. It has a higher tensile strength.

    --
    "Learning is not compulsory... neither is survival."
    --Dr.W.Edwards Deming
  30. Time to patch Windows, must be Thursday by dheltzel · · Score: 3, Funny

    Oh wait! This week's security flaw arrived a day early.

    I had my Outlook Calendar set to sync on the Windows patches, now tomorrow's schedule will be all messed up. I wonder if I can convince my boss that tomorrow is really Friday?

  31. BILL GATES by Anonymous Coward · · Score: 1, Funny

    Bill Gates is not Locutus of Borg. He is Q! All KNOWING ALL SEEING!! BOW DOWN BEFORE HIM.

    Note: I'm referring to the old Q... BEFORE the whole Janeway/Voyager incident...

  32. Don't Worry by Lux · · Score: 2, Funny

    That's not a bug. As long as DirectX still works, there's no reason to suspect the patch worked incorrectly.

    -Lux

  33. I'VE GOT THE 0-DAY SPLOIT! by InvaderXimian · · Score: 2, Funny

    OK script kiddies, fire up your right click and Save As because I've got the batch file with the hacks! 0-day sploit