Microsoft Plugs "Drive-By" and 14 Other Holes

CWmike writes "Microsoft today patched 15 vulnerabilities in Windows, Windows Server, Excel, and Word, including one that will probably be exploited quickly by hackers. None affects Windows 7. Of today's 15 bugs, Microsoft tagged three 'critical' and the remaining 12 'important.' Experts agreed that users should focus on MS09-065 first and foremost. That update, which was ranked critical, affects all still-supported editions of Windows except Windows 7 and its server sibling, Windows Server 2008 R2. 'The Windows kernel vulnerability is going to take the cake,' said Andrew Storms, director of security operations at nCircle Network Security. 'The attack vector can be driven through Internet Explorer, and this is one of those instances where the user won't be notified or prompted. This is absolutely a drive-by attack scenario.' Richie Lai, the director of vulnerability research at security company Qualys, agreed. 'Anyone running IE [Internet Explorer] is at risk here, even though the flaw is not in the browser, but in the Win32k kernel mode driver.'"

Re:Yay, tight integration of browser with OS...

[eldavojohn]

"Anyone running IE [Internet Explorer] is at risk here, even though the flaw is not in the browser, but in the Win32k kernel mode driver."

Anybody else think something is integrated with something else in a deeply, deeply wrong way here?

I most certainly do! This is unfair! When will Firefox and Opera have such privileged access to kernel space. It results in a bad user experience when the Javascript code I slave over can only help you manage your user files, registry keys and kernel libraries if you're using IE.

Yours truly,

Crafty McStealsYourShit

Fourteen?

[paimin]

I, for one, have been getting my hole plugged by Microsoft for a good twenty plus years now.

So sore.