One quick google search using "outlook calendaring open source" yielded this among other items:
http://openconnector.org/
Have you USED openconnector before? It's in early Alpha, and requires a whole lot more than Sendmail (as the original poster mentioned, but hey, it's Microsoft bashing, so it's OK not to read the OP right?)
Who needs to resurrect messages from a corrupt data store?
I've been managing Exchange since 5.0. I can count the number of times I've had to rescue anything from a corrupt data store on two fingers (in 12 years). Each time only took a few minutes cause I was intelligent enough to follow standard/best practices.
Who needs to figure out how to keep the mail server running once you've filled the disks with a massive file that you can't move to a larger disk (because it's being accessed)?
Again, if one were to follow standard best practices, this ISN'T an issue. It's also readily apparent you've never used Exchange before, because moving mailboxes is simple. VERY simple. Move to a new storage group, or even a new server with a couple of mouse clicks. Yes it is that easy. Again, hell it's bashing Microsoft, so don't let little things like the truth get in your way m'kay?
Who needs to figure out why people intermittently can't connect to the Exchange server anymore when all the licenses are used?
Licensing is part of the Microsoft world, it's not that difficult. Nor does it take much time. Most companies that use MS products know how licensing works...
Who wants to figure out how to upgrade from SBS to an even more expensive version of Exchange (only to find out that you can't "upgrade")?
You know how easy it is to add new Exchange servers to an SBS Exchange environment? Very. Buy a new copy of Exchange and add to the SBS Exchange org.
Exchange is a fine product for some limited settings. For the rest of us, there are feature-for-feature open source alternatives that will work with Outhouse. They don't entail ridiculous licensing problems inherent in Exchange and are engineered better.
If that really was the case, why are not more people moving to them...
Never mind the fact that your install of Sendmail doesn't have 1/5th the features of Exchange 2003 that most companies use quite often and are dependent on.
Who needs calendaring?
Who needs wireless email?
Who needs single instance storage?
I can go on and on... Sendmail is good as a mail gateway service, but not much else for a real company.
Perhaps if small businesses like the one you worked for bothered investigating Select and Enterprise agreements (which do exist for even smaller companies) the cost for upgrades is very small over three years.
Give me a break, IE 4.0 was far superior to Netscape 4.0. It rendered a lot faster, it was a lot more stable, it used less memory and it "felt" a lot snappier.
Hate Microsoft all you want, but IE 4.0 was the superior browser at the time.
This guy proves he is once again off his rocker.
IE 7, even in beta (with the latest builds of Vista), is a damn fine browser. Better than even Firefox/Mozilla dare I say it.
Microsoft's browser team is doing just fine on its own.
Bottom line, the owners manual STATES IN CLEAR ENGLISH, DO NOT PUT THE POWER SUPPLY IN AN ENCLOSED AREA OR ON A CARPET.
Guess where the people that are whining put their Power Supply.
I have to wonder why you had to say Xbox-3-POS-0 power supplies, but didn't have to attack any of the other products...
Seems like some members of the press don't understand coding. You can't just go and patch everything. Regression testing? Making sure all the changes work as needed without impacting other subsystems.
Do you really think if Microsoft COULD do it, they wouldn't?
I don't see what the big deal is, both Linux and MacOS get patched. Some more often than others...
Oh great, not only do I have to worry about slow Java apps on my blackberry, computer and what not, now it's going to infect my DVD watching as well?
Did you even bother to read the IE Blog? Of course not, it's much better just to slam Microsoft, because you don't like em...
else you would have seen: http://blogs.msdn.com/ie/
Which just so happens to mention:
We received reports this morning that a security researcher had found a bug in the IE7 Beta 2 Preview release. This issue reportedly crashes IE and is exploitable to execute arbitrary code on the user's computer. Naturally, we take the security of IE and our users' safety very seriously, so we investigated immediately. We did confirm that the bug crashes IE. However, we did not find that the bug was exploitable by default to elevate privilege and run arbitrary code.
This bug had already been found during our code review and analysis that is a mandatory part of our development process; it was scheduled to be fixed before our next public release. We do not believe this bug is easily exploitable, and as an extra defense, the /GS flag also catches the overrun. This is a compiler flag that tells Windows to watch for some classes of buffer overflows. If Windows sees a problem, it kills the application, in this case IE, instead of running the exploit code. While this is certainly not our primary line of protection, it does offer defense-in-depth to help keep our customers secure.
At this time, we are not aware of any active exploits taking advantage of this bug. We will continue to monitor the situation and evaluate our response.
Finally, I'd like to reiterate the importance of the responsible disclosure of security issues. We firmly believe that privately disclosing security issues to software vendors is the best way to keep the users of the world secure. To report a security issue against any Microsoft product, please contact secure@microsoft.com. For other feedback on IE7, please use the methods Jason mentioned yesterday.
- Tony Chor
It's a BETA. But hell, it's Microsoft, and this is Slashdot... let's crucify MS (whoops, sorry around here it's M$, didn't PennyArcade touch on that once...).
Why not? Every release of Firefox/Mozilla/Etc. was...
What a bunch of hypocrisy.
When Microsoft did the same, they were EVIL.
Once it's free?
Looks like you'll never be playing then
Oh well. Medivh was my "home world" too, till I gave up WOW.
There are LOTS of other similar hardware PCs out there for less money. Apple has claim to nothing other than a limited upgradability all in one unit.
Let's get something correct, MacOS X is NOT Open Source. Never has been, never will be. Yes, Darwin may be, but MacOS X is not totally Darwin.
Not to mention Apple DID NOT invent WebObjects, they BOUGHT WebObjects.
Is all three of those worms/trojans flaws were fixed by patches that were out, in some cases months, before the release of the attack vector.
24 doesn't have dubious social agendas??? Are you sure you actually WATCH 24?
And yet with all these problems it's still a lot better than 99% of the crap on TV.
Hell you wanna see bad? just watch 24 or Lost...
Apparently you haven't touched a Tablet PC as of late. Since SP2, Windows for Tablet PC's has been QUITE good.
A wee bit behind the times no?
I didn't know there were major highways with automobiles running around on them back when the lights first were seen...
Helllloooo fanboi.
Actually Intel is already starting the move to 45nm right now and expects to have the first foundries online in 2nd half 2007.
Look, we ain't talking about Unix or Linux here, we are talking about Windows.
Windows wasn't able to do this before, now it is.
What's with the kid that keeps thinking that Windows and UNIX are the same and features in each have to mirror each other?
Microsoft already is working on this in IE 7. It's a whole new rendering engine.