Slashdot Mirror

← Back to Stories (view on slashdot.org)

3 New Windows Security Problems Found

Posted by timothy on from the now-wait-for-the-baffling-no-problems-in-years-claimants dept.

DotNM writes "USA Today is running a story that outlines three security issues in Microsoft Corporation's popular Windows desktop operating system product. It describes the issues and urges users not to download .hlp files from email attachments. Apparently there are issues, even for a Windows XP system patched with Service Pack Two."

19 of 190 comments (clear)

  1. In other Words by Prince+Vegeta+SSJ4 · · Score: 4, Funny

    Merry X-Mas from your friends in Redmond! Geez do they even search for flaws on their own?

    1. Re:In other Words by upsidedown_duck · · Score: 4, Funny

      Geez do they even search for flaws on their own?

      I'm sure Microsoft has an internal issue tracking system. Actually, I'd bet that's what motivated them for putting 64-bit support in Windows!

      --
      -- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
  2. Breaking news from the Sahara desert! by Ligur · · Score: 5, Funny

    Millions of grains of sand found!

    --
    Smoke me a kipper, I'll be back for breakfast.
  3. Blah blah blah. by jamesgray · · Score: 4, Funny

    "Microsoft Corporation's popular Windows desktop operating system product."
    What? Is there a minimum number of characters for a /. headline?
    Ha.

    1. Re:Blah blah blah. by mattdm · · Score: 5, Funny


      "Microsoft Corporation's popular Windows desktop operating system product."
      What? Is there a minimum number of characters for a /. headline?

      Look, not everybody instantly recognizes the names of every random computer program in existence. There's millions of 'em out there, and, especially for this one with its generic and not-very-descriptive name, it's good to provide some context. Sure, you might be a Microsoft Windows expert, but not everyone here is, y'know? How would you like it if there were a story about something called "Linux" without explaining what that was?

  4. ANI... by Stile+65 · · Score: 5, Informative

    According to a report on eWeek.com, one of the three vulnerabilities involves image handling, which has posed problems for Windows and Unix systems in the past. The other two vulnerabilities involve Windows' Help system and its .hlp files, and Windows' ANI (Automatic Number Identification) authentication capabilities.

    That's what ANI is in the context of telephone networks. In the context of a Windows system, it's an animated mouse cursor.

    Besides, these vulnerabilities were announced yesterday morning on Slashdot!

    --
    I claim first use of "Error No. 0B" - or "No. 0B error." It'll be the new ID 10T!
    1. Re:ANI... by the+unbeliever · · Score: 3, Informative

      When in the case of Windows NT/2k/2k3 server, ANI authentication also means the number(s) that people are allowed to dial in remotely from, so the article text is correct.

  5. 3 New Windows Security Problems Found... by Anonymous Coward · · Score: 5, Funny

    ...two turtle doves and a partridge in a pear tree!

  6. "Issues"? by John+Hasler · · Score: 4, Insightful

    > Apparently there are issues...

    What has become of the word "problem"? "Issue" is marketdroid-speak.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  7. Surprise, Surprise... by NotTheEgg · · Score: 3, Funny

    Apparently there are issues, even for a Windows XP system patched with Service Pack Two.

    *Gasp* Oh my god! Not SERVICE PACK 2, the horror ...

  8. to HTML, or not to HTML? by Gaima · · Score: 5, Funny
    Users are urged to ... and strongly encouraged to read e-mail in plain-text format to keep malicious images from utilizing LoadImage.

    ....

    Sign up to receive our free Tech e-newsletter and get the latest tech news, Hot Sites & more in your inbox.

    E-mail:

    Select one: HTML [x] Text [ ]

    err....?

  9. News flash by SQLz · · Score: 3, Insightful
    ....even for a Windows XP system patched with Service Pack Two.

    Hey, let me give you all a tip.....even if the future service packs for XP reaches version 10, it will alway be insecure and full of critical issues that are discovered by people other than Microsoft.

    At least with Linux, the community usually discovers them first and before the problem is made public there is already a patch available. Now, these poor saps with Windows machines will probably have to wait weeks for a patch. Meanwhile, thier machines are being zombified as I type and turned into spam gateways.

  10. Re:OMG, an OS with security issues... by GigsVT · · Score: 5, Funny

    Human 1.0 is a buggy piece of crap. Apparently there's a hard coded uptime limit of somewhere around 16-48 hours, and rebooting takes up to 12 hours, but usually 8.

    There are hundreds of DDoS attacks, including something as trivial as a potassium injection attack.

    All in all, I can't recommend Human 1.0 for production use yet.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  11. Re:OMG, an OS with security issues... by Anonymous Coward · · Score: 3, Funny

    Actually, models of the human 1.0 that recieved the "Y" chromosome are vulnerable because they will readily accept forbidden fruit packets without verifying the original senders identity. Transmitting such packets via a model of the Human 1.0 bearing only "X" chromosomes ensures 100% deliverability of any packets. This flaw exists because the "Y" model of the Human 1.0 only uses waist-level firmware when interactiong with the "X-only" model.

  12. Give it a Rest, Please! by dingletec · · Score: 5, Funny

    Even with the daily list of vulnerabilities, viruses, BSOD's, lock-ups, Windows Protection Errors, Ooga-Booga dances to keep the machine running, Windows XP is still the best OS out there! Linux may be stable, virus-free, more secure by design, have tons of free software available, frequent updates, and no restrictions on how many times you install it or where, but it is definitely not ready for the desktop. I mean, it may have more features than Windows, easily connect to just about any type of network service, but really, who can say that it's ready for people to use? So what if it takes under 20 minutes to install a full system with more software than I would ever want to use. Five hours of installation, patching, inserting software cds, installing and updating virus protection, installing effective firewall software, finding device drivers, entering license numbers for an equivalent system in Windows is a small thing compared to what you get with Windows, whatever that means... So what if there are Linux desktops that have not needed rebooting in nearly 2 years, and the only work performed on them was to type "apt-get upgrade dist"? That's just too boring and predictable! What fun is there in that? So what if you can install or upgrade all currently installed software over the internet with one command or by selecting it and clicking install? I'm sorry, but Linux is not ready for the primetime, not "Enterprise" ready. I'm not sure what that means, and frankly I'm not sure anyone else who says that does either, but they are absolutely correct! I can vouch for it.

    --
    --dingletec--
  13. Oh c'mon. by Deal-a-Neil · · Score: 4, Funny

    This is old news. If we're going to have articles about security issues with Windows, we might as well just have a static link to Microsoft.com on Slashdot's front page.

    Here's one of the permanent security bulletins to put on that static link description: Do NOT open any attachments in Outlook, at all. I mean, this is becoming one of the basic rules like, "Don't touch the stove, little Jimmy.. HOT! Very hot."

    Happy Christmas, Harry! Happy Christmas, Ron.

  14. Battered spouse comparison by Tengoo · · Score: 5, Funny

    You know how on that show Cops, you'll occasionally see some redneck guy being stuffed into a police car? Then, in the background, you can hear his bloodied and bruised other half screaming (usually in a southern accent) 'I love him, don't you take him away!'

    This runs through my mind each time another friend of mine replaces his dead Windows box with another. I believe Windows users like to be hit.

  15. Re:Linux Flaws by upsidedown_duck · · Score: 5, Insightful


    There is no way to compare flaws in Windows and Linux, and every attempt to do so is misguided. The reason is that the politics behind disclosure for Microsoft is entirely different than for Linux, so there is no way to link them statistically.

    From the classic "there is one error for every thousand lines of code in a mature program" logic, a person could estimate how many bugs are present in both code bases and look at the number of published bugs to see who is covering their butts more. I'd guess Microsoft has more to lose from bad PR, so odds are they have internalized most knowledge about bugs.

    --
    -- "Makes Little Debbie look like a pile of puke!" - Moe Szyslak
  16. Re:Linux Flaws by m50d · · Score: 3, Informative

    hlp files (or rather the engine which handles them) are part of windows. Microsoft has said as much in statements in court under oath. Subversion has never been installed on my (linux) computer, so you can't count it as part of linux. If a program is installed by default on most of the "big seven" distros, or just the majority of linux installs (but how would you ever check?) I suppose you could count it as part of linux, but that's probably rather unfair since those distros are far more functional by default than windows is. Finally, slashdot does tend to post flaws in major OSS. Whenever I've had to do a security upgrade, I've always found the story on /..

    --
    I am trolling