Three New Microsoft Bulletins

← Back to Stories (view on slashdot.org)

Three New Microsoft Bulletins

Posted by michael on Tuesday January 11, 2005 @09:02AM from the security-is-priority-one dept.

Jimmy M writes "Microsoft has released three security bulletins for January, which correct vulnerabilities in the handling of Icon and Cursor files, Indexing Services, and HTML Help. Bulletin MS05-001 (HTML Help) is the Extremely Critical vulnerability (Demonstration) that Secunia warned about last week - nice to see a quick move from MS. All updates are available from Windows Update."

4 of 224 comments (clear)

Min score:

Reason:

Sort:

Quick? by Anonymous Coward · 2005-01-11 09:03 · Score: 5, Insightful

The extremely critical exploit was listed on 2004-10-20! It took nearly three months to fix.
1. Re:Quick? by bonch · 2005-01-11 09:53 · Score: 3, Insightful
  
  I love when Michael posts every little bulletin from Microsoft to make it appear that it's ridden with security holes. A lot of people here seem to only get their security news from Slashdot. What if Windows allowed arbitrary code execution just from viewing a PDF file? Slashdot would be all over it. And yet, it's one of today's Gentoo vulnerability announcements--Xpdf has a fatal flaw. But such stories get rejected by the editors in favor of more Microsoft.
  
  LinuxSecurity keeps a running list of daily vulnerability announcements from all the distros. Just click on a distro and be amazed at all the buffer overruns, root exploits, code execution, and more that never get reported on this site.
  
  "Three New Microsoft Bulletins?" Try 13 new Debian bulletins in the past week. Gentoo has announced 12 since last Sunday alone.
  
  Why aren't these things announced like Microsoft bulletins are? Because Microsoft articles generate more page hits...which is great for the banner ads. They're using you guys.
  
  This attitude of the flawless Linux is really, really dangerous, because Linux distros are just as ridden with software holes as Windows systems are accused of being, but you'd never know it if all you did was visit Slashdot...and we all know what a false sense of security leads to...
  
  Of course, Slashdot shouldn't stop posting about Microsoft vulnerabilities. But snide comments like "security-is-number-one dept." make this place seem like a site of nothing but flamebait for Linux fanboys. There's more to security than just hating Microsoft and ignoring Linux security flaws.
  
  I know I risk karma for this post, but I'm really shocked at the illogic and immaturity displayed on Slashdot, compared to when it began in the 90s. Laughing about Microsoft bulletins in some weird schadenfreude doesn't make the Linux kernel any less imperfect (see yesterday's article) or its distros (see LinuxSecurity any given day for pages of bulletins all collected together).
Icons and cursors, oh my! by FirstTimeCaller · 2005-01-11 09:11 · Score: 4, Insightful

I don't normally stoop to Microsoft Bashing, but security vulnerabilities in icons and cursors?!?!?

--
Wanted: witty unique signature. Must be willing to relocate.
Re:XP SP2 by bonch · 2005-01-11 10:02 · Score: 3, Insightful

Isn't it funny how Linux kernel versions affected are explicity mentioned in Slashdot's articles on the subject? You'd think the fact SP2 fixed the other two vulnerabilities already would have been an important point to state. It's not like SP2 just came out or anything; what is it, over half a year now?