Slashdot Mirror


Microsoft Announces Three More Critical Vulnerabilities

weekendwarrior1980 writes "Microsoft warned that three 'critical'-rated flaws in the Windows operating system and other programs could allow hackers to sneak into personal computers and snoop on sensitive data. The flaws could allow attackers to break into PCs running Windows in several ways and then use the system to run malicious programs and steal or delete key data. These latest security flaws affect the latest versions of Windows, including Windows NT 4.0, Windows 98, Windows 2000 , Windows XP, as well as software for networked computers such as Windows NT Server and Windows Server 2003." Their bulletins are available for these vulnerabilities. Techweb has a pretty good summary.

7 of 486 comments (clear)

  1. More than three by untermensch · · Score: 5, Informative

    Actually, according to the article there aren't just three vulnerablilies. There are 20 separate vulnerabilities in Windows and Outlook Express, 8 of which are critical, and 16 of which are remotely exploitable. Microsoft has bundled the patches for these into 4 separate downloads - 3 for Windows and 1 for Outlook Express.

  2. Re:More than three by Proud+like+a+god · · Score: 5, Informative

    Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by any of the vulnerabilities that are addressed in this security bulletin?
    No. None of these vulnerabilities are critical in severity on Windows 98, on Windows 98 Second Edition, or on Windows Millennium Edition.


    Another reason for home users and gamers to stick with 98SE. Obviously most businesses aren't so lucky. :-S

  3. Re:Worm Writer's Delight by zackeller · · Score: 5, Informative

    Overestimate.

  4. Like hell that's insightful by nathanh · · Score: 5, Informative
    That a lot of vulnerabilities that concern Linux never get posted to slashdot. Usually I read about these on news.com.

    Open source vulnerabilities and incidents get reported all the freaking time on Slashdot.

  5. Re:This is why microsoft are insecure by The+Bungi · · Score: 5, Informative
    They've gone to scheduled patch releases on the second tuesday of every month to make it easier for admins and users. That's today in case you missed it. AFAIK all the vulnerabilities had been published earlier by third parties.

    If and when there's an actual exploit in the wild for a given vulnerability then they'll release the patch immediately, just like they've done before.

    Whoever modded you "Insightful" should have used the "-1, Another Stupid Conspiracy Theory" mod instead.

  6. Check out www.eeye.com by khasim · · Score: 5, Informative

    http://www.eeye.com/html/Research/Advisories/index .html

    Looks like a whole bunch of those holes were reported to Microsoft by eeye and Microsoft FINALLY got around to patching them.

    Some of them had been reported over 6 months ago.

  7. Re:Windows Update in Firefox by Deviate_X · · Score: 5, Informative

    If you have disabled IE you can install and run the Security Baseline Advisor. It basically does the same thing as Windows update.