Slashdot Mirror

← Back to Stories (view on slashdot.org)

First Windows Vista Security Update Released

Posted by Zonk on from the pre-release-security-vulnerabilities-are-inspiring dept.

Bard Of Vim writes "Microsoft has issued critical security patches for beta testers running the Windows Vista December CTP (Community Technology Preview) and Windows Vista Beta 1, and warned that the new operating system was vulnerable to a remote code execution flaw in the Graphics Rendering Engine. The Vista patches address the same vulnerability that led to the WMF (Windows Metafile) malware attacks earlier this month. The recent out-of-cycle security update for the WMF vulnerability (see slashdot coverage) makes no mention of Windows Vista being vulnerable, but with the release of this weekend's patches it is clear that the poorly designed 'SetAbortProc,' the function that allows printing jobs to be canceled, was ported over to Vista."

4 of 317 comments (clear)

  1. Steve Gibson: "It's a deliberate backdoor" by Sethra · · Score: 0, Troll

    Despite all the speculation that this was a poorly coded Escape/SETABORTPROC routine, it seems there is potential that something far more sinister was afoot! Namely that this was a deliberately coded backdoor and that Microsoft has known about it for years.

    The Windows MetaFile Backdoor?

  2. SHIP IT! by jcr · · Score: 0, Troll

    I can't wait for Vista to hit the streets, because I'm an Apple shareholder. ;-)

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  3. Re:At least... by smittyoneeach · · Score: 0, Troll
    M$ is doing something right
    Doing something right would imply a proactive organization reducing flaws, and the development patterns that implement them, over time.
    I would not accuse Mr. Softy of being a proactive organization.
    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  4. INternet, security, spies and technology... by raman+ananda · · Score: 0, Troll

    We are in the times in which the people have to protect each other. And we all are the people, and the ones that are against the people are the powerful that will not take into consideration peoples rights.

    What NSA is doing is an abuse, but the people that communicate through the internet are very vulnerable to abuse, not only by the governments, but also by mafias and groups of a diversity of allied criminals, some of them acting with white gloves.

    Internet is today the field for criminal activities. In the last few days I have been receiving an enormous amount of emails which were fake from ebay, pay pal, the Netherlands Lotto etc... trying to get from me my password to this accounts. And some of them looked so good that could be mistaken by the real thing, but users of the internet that engage in criminal activities disguise themselves in anonymity that internet provides.

    Our communications throuh the internet are surveiled since time immemorial by NSA, and a wealth of information about us can be collected and may be collected. And this is a great danger to the people, and no law protects us these days.

    What about an internet between authenticated and identified users... so that the majority of internet users that don't mind to be identified because they live in a free country and at the same time, not being engaged in fraudulent activity or criminal activity don't mind to inter-communicate with other identified and authenticated members of the net. Why should anyone want to be anonymous if not engaged in criminal activity?

    This is my point. We should suport the institutions, companies and private people that support the target to bring privacy and security within identified users when using the internet to communicate This is the case of a company called Amteus.

    Now, once in communication with an identified user, which is properly authenticated, then you provide privacy, so... unless you want to make it public, nobody can access your communication because it is properly secured and encrypted. i.e. it travels in a closed envelope and it is unlawful to open it, and it is being between identified and authenticated users that trust each other. Otherwise, not only the governments with their NSAs involved in their own practices will snoop on us, but gangs of gangsters will easily intercept our communications, phishing like the email I have received will only be the beginning. I am starting a website to support this kind of approach.

    This requires legislation, but also requires technology. Like the one developed by Amteus. But there are many other.

    I hope that the people with vision that have given to the internet a view that will promote freedom and cleanliness, like John Perry Barlow will help this company to succeed in a very honorable project.

    It is very distressing these days what is going on with the Internet. Hopefully companies like Amteus Plc that are bringing a technology to overcome this problem of snooping, spam, phishing etc.. will survive attacks from those that hide behind anonimity.

    Ramon Leonato