Slashdot Mirror


Ten Security Bulletins From Microsoft

wschalle writes "Microsoft has released 10 "new" security bulletins, including one pertaining to a vulnerability in the Windows Shell, apparently exploitable via the web. The shell vulnerability only allows code execution as the user viewing the malicious web site. Aren't you glad your shell is web-enabled? The recent GDI+ vulnerability is re-released here as well as a vulnerability in zip compression handling."

7 of 392 comments

  1. Shell exploit runs as user by networkBoy · · Score: 3, Interesting

    So if your user has admin rights (as all at my site do b/c our toolset requires it) then you're screwed if they go to a mal-site. . . . Great.
    -nB

    --
    whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
  2. That is enough for me by trolman · · Score: 3, Interesting

    That is enough for me and my small company. I am using Open Office and Mozilla full time now. Adios Bill.

  3. Re:My by jerw134 · · Score: 5, Interesting

    It would actually mean that Microsoft built the SP2 updates with a new compiler that basically eliminates any possibility of buffer overflows.

  4. Aren't you glad you need admin privileges ... by RealAlaskan · · Score: 4, Interesting
    The shell vulnerability only allows code execution as the user viewing the malicious web site. Aren't you glad your shell is web-enabled?

    Aren't you glad you need admin privileges for day-to-day operations on too many windows boxes?

    Aren't you glad that even if you can get by without admin privileges, you can still completely hose your own files just by visiting the wrong website? Aren't you glad the only files that you can infect are the only files that you really care about?

    You bet I'm glad my shell is web-enabled! After all, this Windows box belongs to my employer ... it's his time that will be wasted.

  5. How is this different by The+Bungi · · Score: 5, Interesting
    From everything in here again?

    With the exception of a proof of concept GDI+ exploit posted to USENET, none of these vulnerabilities are known to be exploited.

    The shell and compressed folder vulns require user interaction, just like 99% of all other "worms". As long as your mail application is patched you can't get hooked via email and if you visit "malicious websites" with anything other than Lynx you probably should be shot anyway. Ditto for a decent firewall.

    On the other hand, I wonder why things like these for some reason never get posted.

  6. Cumulative bug reporting conspiracy by RealProgrammer · · Score: 4, Interesting
    Microsoft saves these up so that
    1. Users only need to patch their boxes once.
    2. Sysadmins only need to frantically patch all of their boxes once.
    3. It looks better if there is one bunch of ten patches on one day than if there are ten announcements of one patch each on ten different days. A lot of these bugs were announced earlier, but the releases are all announced now.
    4. Saves ink on /.
    --
    sigs, as if you care.
  7. I give up by danharan · · Score: 5, Interesting

    That does it. I'm switching to Linux- Ubuntu, *noppix- or even *BSD, anything but Windows.

    Installing today's updates, it asked me if I wanted more information about a vulnerability- and proceeded to open a page with Internet Explorer. How many times do I have to tell the computer that Firefox is my default browser? Whose machine is this, anyway?

    With SP2, XP has been annoyingly telling me I may not be protected (I run without anti-virus but am locked down regardless and still scan regularly- with no virus or reinstall in 2 years). In today's update, it keeps nagging me to reboot.

    And why do I have to sign yet another goddamned EULA to install critical patches?

    There isn't any windows only software I need anymore. OO.org, Firefox, Thunderbird... and now GAIM (which I've gotten used to at work, working on FC1). I'll miss some of the usability features of XP, but I just can't handle it anymore. So long, Windows!

    --
    Information: "I want to be anthropomorphized"