Microsoft Patches 19 Flaws, 6 in Vista

Cheesy Balogna writes "Microsoft has just released seven advisories — all rated critical — with patches for at least 19 vulnerabilities affecting the Windows operating system, the widely deployed Office productivity suite and the dominant Internet Explorer browser. Six of the 19 vulnerabilities affect Windows Vista. 'There are patches for 7 different vulnerabilities that could lead to code execution attacks against Word, Excel and Office. Users of Microsoft Exchange are also urged to pay attention to one of the critical bulletins, which cover 4 different flaws. A cumulative IE update addresses six potentially dangerous bugs. There are the six that apply to IE 7 on Windows Vista. The last bulletin in this month's batch apples to CAPICOM (Cryptographic API Component Object Model) and could also put users at risk of complete system hijack attacks.'"

Linux patches?

[stevenbdjr]

When are we going to start seeing regular Slashdot postings outlining Linux or other free software security patch releases in the same accusatory tone that the monthly Microsoft security bulletin releases bring? No, I'm not trolling, but I'm getting sick of the clear bias Slashdot editors (and most readers) have when it comes to matters of Microsoft.

(I can feel my karma slipping away, but I couldn't take it anymore).

Re:Linux patches?

[PixieDust]

I invite you to investigate this site which holds no immediate bias in it's reporting of security advisories, patches, problems and exploits. Look at the average turnaround time for patches, fixes, and responses to security problems. You will find out that Microsoft isn't as bad as everyone likes to pretend it is, nor is it's flagship Windows OS. Also to, I find it ironic that whenever someone points out a problem that affects Linux, people are like "But that's not the OS, it's (insert kernel module, driver, app, whatever) that is (insert special circumstance here).", but when it's Microsoft, they're all lumped together as "OMGz! Windoze h4x!". This includes vulnerabilities in Word, and Excel (and something else from the Office Suite, can't remember though atm), and additionally mentions Exchange. Exchange runs on a server platform, but ok, I'm not going to get into semantics on that (I assume they meant Outlook, though even if it was Exchange, it's still a fix, or at least an attempt at one).

I am the first to admit that Microsoft has problems with security, but it's a problem that plagues the entire industry. Linux, Unix, Windows, Mac, websites, forms, applications, EVERYTHING. It's a problem in how the industry approaches security. It goes far beyond Microsoft. The entire industry has this "Get it working now, patch it later" mentality. It's the "Default Allow" instead of "Default Deny" approach. There is NO reason Buffer Overflow attacks should work... EVER. Period. How hard is it to check your buffers, and make sure you're handling them properly? Very sloppy. Microsoft certainly isn't the best, but they're far from the worst. Don't believe me? Check that website, and all the security advisories for the past few years, and you will notice and interesting trend.

Re:No flaws in Vista itself, all 6 in IE7

[aichpvee]

I'm calling bullshit. Microsoft has been saying for 10 years that IE is INSEPARABLE from Windows. Any flaw in IE is a flaw in Windows. Because either you believe Microsoft or you stop your cheerleading and admit that Bill Gates and all the other execs at Microsoft are liars and that the feds should have broken the company up into a hundred little Microsofts.