Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Plugs a Record 26 Security Holes

Posted by ryuzaki0 on from the there's-another-one dept.

An anonymous reader writes "Microsoft today released ten patches to fix at least 26 separate security holes, including a whopping 16 flaws in Microsoft Office and its constituent apps. According to Washingtonpost.com's Security Fix blog, this is the most number of patches ever released by Redmond outside of a Windows service pack. Also of note, six of today's updates apply to fully patched Windows XP systems, and two of the flaws are actually present in Windows Vista."

5 of 200 comments (clear)

  1. It's not how many were patched... by rjamestaylor · · Score: 3, Insightful

    It's how many remain that's important.

    And, how many were created in the making of the 26 patches?

    --
    -- @rjamestaylor on Ello
  2. Apple's last patch fixed 24 and was over 200 MB. by MSFanBoi2 · · Score: 5, Insightful

    So, at least Microsoft is fixing them.

    Microsoft has bugs, people complain.

    Microsoft fixes the bugs, people complain.

    Apple releases an incremental update to OS X 10.2 to 10.3 and charge you for it ($129.00), and when they release a MASSIVE update in September, not a peep of complaints...

  3. Re:DISASTROUS NEWS ! by truthsearch · · Score: 4, Insightful

    Let's not forget that we'll never know exactly how many total exploits IE really has. Microsoft may know of 100 more that they simply haven't disclosed. We'll never know. But anyone can inspect Firefox. Don't think that simply because IE has less publicly documented exploits that it's more secure. Unless you work for the software vendor, you will never really know how secure any proprietary software is.

    Also look at how quickly Microsoft fixes security vulnerabilities. They've let major holes exist for 3 years or more. Even if they have fewer vulnerabilities it's almost irrelevant if they don't fix the ones they have.

    It's a more complex issue that simply how many vulnerabilies each camp discloses.

    --
    Developers: We can use your help.
  4. Re:The only vista on my OS horizon: Ubuntu by drsmithy · · Score: 3, Insightful

    Almost any OS that is free... After all, it is hard to argue that Ubuntu (for example), should be flawless when it costs nothing and is in fact shipped out at someone else's expense if one asks for a few sets of the install discs.

    So if it's free it can't suck ?

    How about all those versions of Linux that *aren't* free ?

    Why waste money on a bigger, slower, pile of crapware from Microsoft when it offers nothing substantial in the way of practical improvements over the mess that is XP?

    It offers masses of "substantial, practical improvements". The important question people need to ask is if any of those are important enough to them to upgrade.

    What I'm reading these days is that the Vista release is being given the yawn treatment by many IT professionals.

    IT professionals are waiting for a) the server-side complement to Vista and b) the early rounds of bugs to be shaken out.

    In fact, I'm worried that security will be much worse on Vista than it is on XP since 3rd party security vendors are being prevented by Microsoft from hooking in at the level their code needs to run at to be most effective. I don't trust Microsoft to handle security issues. It has a pathetic track record. The programmers at MS clearly don't understand their own code.

    Sounds to me like you're buying into the standard anti-Windows and anti-Microsoft FUD.

  5. Re:DISASTROUS NEWS ! by stonedonkey · · Score: 3, Insightful

    I remember when Windows 95 came out, with its weak, obviously-an-afterthought "web browser" (IE 3.0). It was painfully obvious that Microsoft had missed the Internet boat, and shortly thereafter, Bill Gates sent his historic all-hands memo pointing the company in the direction of the Internet.

    [Hi, my name is Stonedonkey. I noticed that your extremely shitty post got marked "5 interesting." My notations will be in brackets. Enjoy!]

    It took them some time to get it right, but eventually IE took over.

    [By being bundled into every version of the OS for the last ten years.]

    Now, you'd have a hard time finding a Microsoft product more complex than Minesweeper or calc.exe that doesn't connect to the Net somehow.

    [Specious exaggeration that isn't really relevant.]

    And let's not forget that Netscape provided Microsoft with some much-appreciated help in taking over the Web, by screwing up their own release schedule so badly that there never was a Netscape 5.0.

    [IE won because of its default desktop placement.]

    Flash-forward to a couple of years ago, when Bill sent out yet another all-hands memo, pointing the company in the direction of security. At first, we all laughed. But now it's becoming more and more obvious that they're taking security every bit as seriously as they once took the Internet. They are aiming to be the top of the heap in security, and they've got drive, ambition and aggression.

    [In what sector? Desktop consumers? Can you provide some supporting material for all these pronouns?]

    Make no mistake, this kind of event is exactly what a company that wants to get secure should be doing. Thomlinson's comments about how seeing their code exploited "hits people in the gut", and the fact that "he was glad to see the crowd of engineers taking things personally" -- these things are right on the money. These things say to me that, within a few years, we're going to see some really damn secure stuff coming out of Microsoft.

    [That's great. But right now, I can get superior software for free. Then again, you didn't specify what sector you're talking about, so I can't say for sure.]

    In the meantime, Firefox exploits are cropping up at a seemingly greater pace. This worries me.

    [See the other guy's response about open source.]

      It looks like a repeat of 1997, when Netscape lost huge amounts of ground to IE by producing a product that wasn't as good as the competition.

    [There you go again, glossing over IE's default inclusion.]

    SP2 was huge leap forward in security for Windows and for IE, and Blue Hat makes it obvious that Microsoft is just going to get better at it.

    [Oh, shut yo mouth. SP2 was not a "huge leap forward." Not when MS was so far behind to begin with. It sealed some painfully obvious cracks, but I wouldn't hand them any trophies for it.]

    In the meantime, Firefox appears to be standing still on the security front, or maybe even losing a little ground.

    [A little subjective. Is your assured tone suppose to make your reaction generalizable and trustworthy?]

    Sure, it's still miles ahead of IE's security, but if IE keeps up the pace, it will overtake Firefox sooner or later -- probably sooner.

    [This is a contradiction. Or, at best, a back-handed compliment.]

    Is there any way the Firefox development team (and the OO.o team, and anyone else who's working on high-profile F/OSS projects) can take a lesson from Blue hat? Can we get together events like this of our own?

    [Will it be another failure of open source if we don't? Should I be surprised when you sieze that "failure" as an example of some larger and wholly imagined problem?]

    If we don't, I can already see that by 2009 or so, at the latest, I'll be telling clients to go with Microsoft products, because they're more secure than F/OSS.

    [Suit yourself, Nostradamus. Maybe by then Microsoft will "share" some of its code to assuage your worries. By the way, how in the flaming fuck do you make the leap from "Mozilla" to "F/OSS"? I'm sorry, but that's pure jackassery, pal.]

    And I don't want to see that happen.

    [In that, we agree.]