Microsoft Issues Five New Security Warnings

smelroy writes "Microsoft on Wednesday issued security bulletins for five new software vulnerabilities, including a flaw in Visual Basic for Applications that the company rated as critical. The company has posted patches for each of the flaws on its Web site. Four of the problems affect Microsoft's Office desktop software. You can read the story here and the security bulletins here."

deja vu

i'm having this funny feeling of deja vu...

Re:deja vu

Could this be a glitch in the Matrix?

Re:deja vu

[Winterblink]

*draws dual 9mms* It's a glitch in the Matrix. It happens when they patch something.

Re:deja vu

Re:deja vu (Score:0)
by Anonymous Coward on Thursday September 04, @10:11AM (#6868436)
Could this be a glitch in the Matrix?

Re:deja vu (Score:2)
by Winterblink (575267) on Thursday September 04, @10:11AM (#6868444)
*draws dual 9mms* It's a glitch in the Matrix. It happens when they patch something.

Two identical posts at the exact same time. Now that *has* to be a glitch in the Matrix!

Re:deja vu

[mschoolbus]

Deja Vu? Why do you get feelings of a strip club with this M$ security story?

Re:deja vu

[EvilTwinSkippy]

Was it 2 patches, or the same patch twice?

Re:deja vu

[RLW]

documentary style music.
Voice over: It's the wheel of glitches.

Location: M$aFT glitch preserve.

M$aFT Tour Guide: The life cycle of the glitch is an often fast and furrious one, many only living for a few short days upto a few months typically. Although on some low exposure less used systems they may obtain a Methuselahn life span of a several years.
slight pause
Tour Guide Continues: Here at the M$aFT glitch preserve we try to breed and raise our glitches for survival in the wild.

Interupting Guide Tour member: Why do you breed and raise glitchtes anyway? Aren't there enough bugs in the wild already. I mean ...

Cutting off the Tour member Tour Guide: They are glitches, not bugs. As far as the number of glitches in the wild each glitch performs important ecological functions. There are some that encourage users to upgrade their Office packages, there are others that spark the need to upgrade development IDEs and there are others still that motivate upgrades to new versions of our glitch preserve, uh, I mean OS.

Re:deja vu

[MarkGriz]

Linus, I need an exit... fast!

Re:deja vu

[syle]

Because like a strip club, Microsoft shows you a good time, but eventually leaves you to go home depressed, penniless, and unsatisfied.

Re:deja vu

[Aliencow]

No, they are glitches in Windows, Office and IE!

Re:deja vu

[chocochip]

You forgot...

and very likely leaves you infected with a virus.

Had me confused for a second

[greechneb]

The most serious of the flaws could let an attacker execute code from an open Office application.

Confused me because I couldn't figure out why Microsoft was releasing bug reports for openoffice. (Aside from the obvious conspiracy theory that Microsoft would be trying to make the competition look bad)

Sigh... it seems a day doesn't go by

[winkydink]

...without either e-mail from RedHat about a bug or news from MS about one. Lucky me, today I have both.

Microsoft Issues Five New Security Warnings

1.SuSE

2.Red Hat

3.Mandrake

4.Debian

5.Gentoo

Flaw IN Visual Basic?

[mahdi13]

I thought Visual Basic was a flaw!

Re:Why Does Slashdot Care???!!

[jpsst34]

"This looks like another story to laugh and mock MS. In reality, it is you zealots that look like mormons."

That doesn't make any sense. A Linux zealot can't even get a date, let alone several wives!

Final patch

[mcgroarty]

I'm thinking MS could save a whole lot of time if they'd just get rid of the network and user input drivers!

woohoo!

[xao+gypsie]

for all my fellow IT guys (and girls).......PATCHERS, start your engines!!

xao

paraphrasing....

[naph]

"For example, an attacker could read files on your computer or run programs on it. By installing this update, you can help protect your computer." - MS03-037

read... "do whatever the fuck they want"

heh.

NetBios Problem: Affected Platforms

[burgburgburg]

Affected platforms include Windows XP, Windows 2000, Windows NT 4.0 Server, and Windows Server 2003.

Welcome to the family, WS2K3!

New game ...

Get a couple of friends together.
Each person throws in a buck.
Each person guesses when the next security patch will be released by Microsoft.
Wait for next patch (This will not take long).
Winner takes all the money.
Start over.

Re:what % of Windows is patches?

[Doesn't_Comment_Code]

And how long until the entire operating system, and all the Microsoft applications, are all just patches?

It should be a lot easier to pirate a copy of Windows when you can reconstruct the entire operating system by downloading patches directly from MS, and piecing them together like legos.

Re:what % of Windows is patches?

[Sun+Tzu]

The difference between Linux and Windows that the original poster was obviously referring to is this:

Linux consists of 99%+ functionality patches

Windows consists of 182%+(*) security patches, many of which, unfortunately, have security issues

(*) Totals exceed 100% due to previous patches getting patched for new security issues.
--
Send us your Linux programming articles

On Principle

[redtail1]

Maybe Microsoft has started offering their developers $20 for each security fix...

Re:On Principle

[Xenius]

Heh, not even they have enough money to offer that. ;)

it's a good thing that microsoft

[way2trivial]

didn't make "our products will not kill customers and burn down buildings" one of it's "top priorities"

think- where we would be then?

Re:I wonder how long before the new worm..

[b17bmbr]

The bluster worm

was that written by ballmer perchance.

New Microsoft Icon

[redtail1]

I'd love to see ol' Borg Bill wearing a black patch over his other eye...

Thank you MS

[harvey_peterson]

Thank you Microsoft, for keeping all of us Techical Support people employed. Without you, the other half of slashdot would be unemployed.

I hope their insertion operator for Add/Remove...

[CatOne]

Software is O(1).

Because I have like 357 hotfixes in that list now.

Damn, it's going to take me about 5 minutes to scroll down to uninstall any software that starts with a "Y" or "Z" :-P

Obligatory Dilbert quote...

[quacking+duck]

"Woo-hoo! I'm gonna write me a new minivan this afternoon!"

Re:what % of Windows is patches?

[brkello]

Oh come on, at lease be fair. I can't believe you are modded insightful....I'd say funny. If you think linux patches are all functionality, then you don't work with Linux. The real difference between linux and windows is that you have a 99.9% better chance of getting modded up if you bash Microsoft patches than if you were to say something truly interesting.

Re:what % of Windows is patches?

[gmuslera]

Maybe MummyOS, by this time you don't see any skin, is all patches and bandages.

Headline:

[Anonym1ty]

MICROSOFT ADMITS SOMETHIN ELSE IS WRONG

In todays news Microsoft has been forced to admit their operating system suck yet again! Microsoft engineer Billy Joe Bob is quoted sayin "Welp we done found yet anouther bug in the werks and we are gunna just fix this right up fer ya".

Users are asked to visit Microsoft's site where they will be able to get an update. Users will only be required to tell Microsfot what's on their hard drive and why they have a dual boot setup with an unidentifiable operating system. Users will also have to agree to love Microsoft through the next three upgrade cycles.

Re:And yet, look at my sig for Linux vulnerabiliti

[Bull999999]

I didn't know that Linus decided to integrate sendmail, php, LinuxNode, an Amateur Packet Radio Node program, perl, up2date (Red Hat), pam_smb, vmware, horde MTA, gdm, Mindi, eroaster, Gallery, and atari800 into the offical Linux kernal. Is this the new Mega Supersized Linux Macrokernal?

Sweet quote from Seattle News

[w42w42]

A nice quote from KOMO, a station in Seattle (next door to Redmond for those that are unfamiliar with the area).

SEATTLE - Those of you using Mac OS or Linux can relax this time, but those using MS Office on Windows, take note: Microsoft has issued some more security alerts.

Re:blame microsoft!

[pair-a-noyd]

Hey!
Patching Windows is *GOOD* (as in doubleplus) for the economy!

Just think of all the computer techs "steppin & fetchin" right now patching up all the M$ boxes around the world. Right now they are busier than Santa's elves on Christmas eve.

All that overtime is boosting the enconomy man!
And as they drive around, they spread the wealth, from spending those big, fat paychecks on upgrading to Windows XP! And as they drive around patching systems, the stop and spend a dollar or two at McD's, a bag of Cheetos, a soda, you name it.

Yep, patching Windows definatly is a BIG BOOST to the economy and it's a good Homeland Defense exercise.

Re:what % of Windows is patches?

> Maybe MummyOS, by this time you don't see any skin, is all patches and bandages.

And is apparently unkillable, and spreads plagues throughout its environment.

Re:Minneapolis references on /.

[revividus]

Oops, my bad.

Is there some sort of ANSI standard-Strip-club-naming-convention that I'm not aware of?

Mitigating Factors

[cmacb]

The security threat posed by a particular bug in Windows is "Critical", but this is mitigated by the fact that: "The user must open a document sent to them by an attacker in order for this vulnerability to be exploited.", or "The Microsoft Access Snapshot Viewer is not installed with Microsoft Office by default. ", or "Any information disclosure would be completely random. "

Well that last one is certainly good to know. If my information is going to be disclosed I'd certainly prefer that it be my random information rather than my much more valuable, um, organized information.

I'm wondering if there are not a team of "Mitigation Specialists" at Microsoft charged with coming up with these things. I think this is something I could handle pretty well. I think I'll send them a resume.

Here is a sample of my work:

Mitigating Factors:

* User must have not only installed Windows and Office, but actually be using these products for any harm to, or exposer of user data to occur.

~*~ Small pets, farm animals, or other domesticated wildlife will not be harmed by the use of these products, even if human user fails to exercise due caution.

*# Extra-Terrestrial life-forms are completely safe even when in the same room as an operating Windows environment.

::=. Use of un-patched Outlook Express has been shown to have no effect on local precipitation nor earthquake activity. We will advise customers of an future change in this situation.

I really think I could come up with a lot of these. How about you? Do you have a future as a Microsoft Mitigation Specialist?

M$ Security logic

[AbbyNormal]

I loved the article over at NewScientist (here)

A Microsoft spokeswoman told New Scientist the risk was lessened by the fact that exploiting any of the vulnerabilities would require a victim to open a document or carry out some other active task. She added: "We don't know of any worms being created."

Uh...Open a document? You mean like an email with the attached virus/worm that says: "Here is the document you requested"?

Sigh...Damage control must be getting lazy or something.

Re:And yet, look at my sig for Linux vulnerabiliti

[__past__]

He did so because he saw how successfull Microsoft was after integrating VBA and the Office programs in the XP kernel.

Re:what % of Windows is patches?

[toddestan]

Yeah, but where are you going to get old, unpatched and nonupdated, Windows 3.1 code that still lurks in the heart of Windows XP?