Microsoft Issues Five New Security Warnings
smelroy writes "Microsoft on Wednesday issued security bulletins for five new software vulnerabilities, including a flaw in Visual Basic for Applications that the company rated as critical. The company has posted patches for each of the flaws on its Web site. Four of the problems affect Microsoft's Office desktop software.
You can read the story here and the security bulletins here."
Flaws in Visual BASIC are documented right here
Stick Men
Speaking as someone who has written full-blown applications in VBA, OOo and StarOffice use StarBasic, which isn't quite the same thing as VBA. VBA is a lot more at the system level and gives you more control over the machine.
My journal has hot
Quick quiz, hot shot Troll: Here are the first 5 vulnerabilities from that list:
atari800, gallery, eroaster, mindi, phpwebsite,
Now, how many of those are "linux" (i.e. the linux kernel, shell and important utilities)? None.
How many are remotely exploitable? None.
Given the user base of those 5 obscure programs, how many would *you* rate as critical?
You might see more, but Microsoft still hasn't grasped the sandbox principle: any code that isn't explicitly trusted should not be allowed to access any data or functionality outside a strictly limited area. It can play all it wants inside that sandbox, but won't be allowed out to do harm. ActiveX and COM are two of the most dangerous Microsoft inventions from a security standpoint, since they don't place enough restrictions on what a remote programmer can do with your machine.
The higher the technology, the sharper that two-edged sword.
Criticality of this is horribly underrated by Microsoft.
This is critically important for all Windows MS Office users - "the user must open the attachment" is no protection because most users open attachments to see what they are.
If the infected Word Perfect document is given a .DOC extension, Word will be invoked directly when the user double-clicks the attachment. Word will automatically recognize and convert the document, and run the hostile code with no further opportunity for the user to stop the virus.
The vulnerability could also be exploited through a web page, and the user would get no chance to say "No" if ActiveX is enabled.
That's funny.. last time there were security vulns I read about them on 3 different news sites and I didn't have to do a thing because my system updated itself.
It is the distro's job to make sure you are protected when a new exploit is discovered just as it's Microsoft's job when the problem is in Windows. Also, if you think anyone accepts accountability for the problem in Windows land you may want to read through the EULA again because it sure isn't MS.
Linux distros get bashed just as much over this and some of us actually avoid the distros with overly bad security records.
You also need to keep in mind that there is less downtime involved when upgrading Linux systems. My Linux servers are all fully upgraded but have not been shut down in months. Windows? 4 patches, 3 reboots.. yuck