Microsoft Announces Three More Critical Vulnerabilities
weekendwarrior1980 writes "Microsoft warned that three 'critical'-rated flaws in the Windows operating system and other programs could allow hackers to sneak into personal computers and snoop on sensitive data.
The flaws could allow attackers to break into PCs running Windows in several ways and then use the system to run malicious programs and steal or delete key data. These latest security flaws affect the latest versions of Windows, including Windows NT 4.0, Windows 98, Windows 2000 , Windows XP, as well as software for networked computers such as Windows NT Server and Windows Server 2003." Their bulletins are available for these vulnerabilities. Techweb has a pretty good summary.
Here we go again...
Never email donotemail@WeAreSpammers.com
I've got IE configured to present itself to websites as Netscape so I can't check the Windows Update webpage, I have to rely on automatic update to tell me of new patches. For the past couple months there has been nary a one patch, then today a whole handful of them.
What a surprise. My bandwidth was halved by the invisible download.
Whoops. Be right back. Install is finished, gotta reboot.
I have been pwned because my
That site with their bulletins also has a link to the XP Service Pack 2 release candidate.. That thing has been in the works for so long. Hopefully it makes some useful improvements in their security.
It looks like the firewall will basically be a built-in ZoneAlarm, with better inbound abilities, and outbound application controls.
They also have some buffer overflow protections. Are they good enough to make a difference?
Won't announcing the vulnerabilities cause them to be expoited??
Shouldn't Microsoft as a result slow down the security patch cycle?
Only Women Bleed (Sex, Sharia remix)
Well,
/. story, went to the Windows Update website, and lo and behold, it only works with IE. I can go to the Microsoft Download Center if I use another browser besides IE, but I actually like the way Windows update works, scanning my computer and giving me options for what I can install.
After the Nth spyware that infected IE, about 10 days ago I finally had enough of it and switched to Firefox. Haven't looked back since, Firefox rocks.
So after I read this
Looked through the Firefox FAQs, couldn't find any mention of this. Anyone have another suggestion, or should I use IE for updates and Firefox for everything else?
-"Those who fought today will die tommorow."-
I'd say it's more likely the majority (or at least a goodly chunk) of Slashdot users use something like Opera or Mozilla*, which lets you spoof your browser ID to websites. I do it, or I'd be locked out of a good many moronic sites (one being my bank) that only think IE works.
Although with the level of pro-MS posting and moderating on a dramatic increase over the past year, I wouldn't be surprised if we have a lot of IE users here now.
(Quick! To get some instant karma, talk about some obscure SSH/apache/whatever exploit that wouldn't affect anyone using Linux as a *desktop* system and is only applicable to a service that isn't run by default on any major distro, and claim that Linux is as insecure as Windows! Then whine about Slashdot's "bias" towards Linux to make sure you keep getting modded up!)
Endless arguments over trivial contradictions in books written by ignorant savages to explain thunder in the dark.
or option c) SP2 beta isn't recognized by winupdate, so you're going to be exposed.
Yeah, this is what burns me up with these security bug comparisons. In Linux, 99% of software you run on your computer you get from your distribution, while very little of your software under Windows comes as a part of Windows. Of course there are more bugs in a complete computer setup with 10 different ftp servers to choose from, irc clients, a complete development suite(or 3), etc...
Blessed are the pessimists, for they have made backups.
All the others where denial of service vulnerabilities or elevation of privileges problems, which in case of the kernel are of course a bad thing and which have been reported on Slashdot several times.
So in the last year, I had exactly ZERO vulnerabilities that would represent an immedieate danger to my Linux boxes (elevation of privileges is bad, but not an immediate danger for me because I don't run any mass-user hosts) and in the meantime the Windows-world had MS-Slammer, MS-Blaster and many, many other problems.
If you want to stick your head into the sand, do so, but please don't think that you are smart doing so or that anybody else has got a "party line".
Tim