Windows Vulnerabilities Revealed, Patched
Saint Aardvark writes "A big MS Windows remote vulnerability has just hit BugTraq. It concerns a buffer overflow in MS' DCOM, and affects Win2k through Server 2003; here's the security advisory from Microsoft. This is in addition to an earlier vulnerability concerning conversion from HTML to RTF - there's a separate security advisory from Microsoft for this one, and it affects Win98 and NT 4.0 through Server 2003. Patch early, patch often." There's also a CNET News story with a little more explanation on the newest vulnerability.
So much for homeland security ;)
"A great democracy must be progressive or it will soon cease to be a great democracy." --Theodore Roosevelt
We just had a story about a security vulnerability in Windows!
No it was only two. The third vulnerability was introduced with the fix for the second vulnerability, then patched.
That's how these security rollups work, right?
... disclosed after they got the Homeland security account.
Yeah, like it's a big secret that Microsoft products are insecure... come on, it's not like they're stupid and/or oblivious at the Department of Homeland Security, are they...?
The only thing that works correctly in Windows ME has finally been discovered.
it's not that microsoft is getting better.... it just means that you're not checking slashdot often enough....
;)
shame on you!
now go to slashdot.org and practice hitting that 'refresh' button
*News Flash!! A new vulnerability through buffer overflow has been found on computers. The new vulnerability does not appear to affect Unix, Linux, BSD, or Mac users. This of course only leaves very few commercial operating systems left, but we will not tell you right out which OS that this buffer overflow directly relates to. Thank you and have a nice day.
"allow an attacker to take control of computers running any version of Windows except for Windows ME."
all you people who said i was stupid for running windows me, look who's laughing now!
Because software has bugs. That's what software is for.
Hmm, and all this time I thought software was for doing work, silly me!
I stole this Sig
10) find big remote vulnerability in product
20) perfect the exploit
30) have fun with it for months
40) find another big hole in same product
50) perfect exploit for hole
60) alert vendor about original hole
70) have fun with new hole
80) goto 40
Jonathan Frakes explores the seedy world of Windows Vulnerabilities, on Windows Vulnerabilities Revealed, Patched!
Tonight on Fox!
Ever consider that large portions of the Slashdot readership possibly have no need for the patch?
Windows seems to have some security issues. Well, I'm sure that Microsoft fixed it.
"The software giant issued a patch Wednesday morning to plug a critical security hole that could allow an attacker to take control of computers running any version of Windows except for Windows ME."
Hell, even legitimate users of Windows ME can't take control of their computers...
What was your IP again?
Buffer Overrun In RPC Interface Could Allow Code Execution
Security Update for Windows XP (823980)
Download size: 1.2 MB, ~ 1 minute
A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® and gain complete control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.
Unchecked Buffer in Windows Shell Could Enable System Compromise
821557: Security Update (Windows XP)
Download size: 5.1 MB, ~ 1 minute
An identified security issue in Microsoft Windows could allow an attacker to compromise a Microsoft Windows-based system and then take a variety of actions. For example, an attacker could execute code on the system. By installing this update, you can help protect your computer. After you install this item, you may have to restart your computer.
Could someone get them a copy of Secure Programming and highlight all of chapter 6, "Avoid Buffer Overflow"?
Whenever the offence inspires less horror than the punishment, the rigour of penal law is obliged to give way...
"The announcement came one day after the Department of Homeland Security announced that it awarded a five-year, $90-million contract for Microsoft to supply all its most important desktop and server software for about 140,000 computers inside the new federal agency."
http://www.sfgate.com/cgi-bin/article.cgi?file=/news/archive/2003/07/16/national1725EDT0732.DTL
that last quote is on the bottom..
Robert
Most network admins are too portly and would shear CAT-5 cable. Better to use Fiber-Optic cable. It has a higher tensile strength.
"Learning is not compulsory... neither is survival."
--Dr.W.Edwards Deming
Oh wait! This week's security flaw arrived a day early.
I had my Outlook Calendar set to sync on the Windows patches, now tomorrow's schedule will be all messed up. I wonder if I can convince my boss that tomorrow is really Friday?