Slashdot Mirror

← Back to Stories (view on slashdot.org)

Three New Microsoft Bulletins

Posted by michael on from the security-is-priority-one dept.

Jimmy M writes "Microsoft has released three security bulletins for January, which correct vulnerabilities in the handling of Icon and Cursor files, Indexing Services, and HTML Help. Bulletin MS05-001 (HTML Help) is the Extremely Critical vulnerability (Demonstration) that Secunia warned about last week - nice to see a quick move from MS. All updates are available from Windows Update."

1 of 224 comments (clear)

  1. IE: Zones are a broken concept by Tackhead · · Score: 5, Interesting
    Good policy: Deny all, permit selectively.

    Bad policy: Accept all, but let people turn things off.

    Worse policy: Accept all, but let people turn fewer things off depending on four arbitrary "zones" something falls into.

    Worst policy: Make sure the "zones" in question have nothing to do with TCP/IP, netmasks, DNS, or any other networking concept, but make sure they're supported by a proprietary application you've embedded deeply into the OS to facilitate an embrace/extend/extinguish business model.

    Then act all surprised when everyone ends up running at least one of these "zones" (namely the "local" one, which ought to be the most trustworthy) with their proverbial pants down, thereby creating a guaranteed 100% available target for Worm/Spyware/Virus authors.

    Can someone please find the creature responsible for "Internet Zones" and beat him to death with a large wooden mallet?