Microsoft on Tuesday issued three “critical” patches for flaws that could allow a malicious attacker to take remote control of a computer.
Fixes in for critical IE, Windows flaws
About The Author
Eugenia Loli
Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker.
Follow me on Twitter @EugeniaLoli
IE has more security holes than Swiss cheese. I know at least two people who suffered data loss because of ActiveX holes in IE and some experts say that we can expect hundreds of more holes to be discovered in IE. As always patched will be released when its already too late. Sorry, but anyone sane uses Firefox.
“issued three “critical” patches for PUBLIC flaws” while refusing to bother with the hundred others they know are in their product but refuse to do anything about until it is made public…
or until the can ship Longhornix or winBSD
Tinfoil hat placed firmly on head Joe?
that also reminds me of…. SIGNS
or WEIRD SCIENCE of course they used a different hat
http://humorix.org/articles/2004/05/tinfoil/
http://tinfoilhat.shmoo.com/
actually i used tinfoil as a sort of ceiling wallpaper, hope it works…
I hope that things will get better with IE7. Any news about clean-ups in the next release?
you guys keep making fun of microsoft everytime they release something. you guys have no life.
there are MANY security fixes released for linux as well. stop trolling and just comeback to reality. let me remind you how many linux box are root’ed everyday ’cause of exploits.
sure, there are less exploits than 5 years ago, but still. i remember getting the passwd file of any box running apache and getting all the passwords in about 10secs with jack the ripper not so many years ago. it was way easier to root a linux box than a box running nt4+iis, that was weak…
While I will say that it’s a lot easier to bash microsoft on it’s security I will say Good job!
reason I think it’s easier is their flaws are more widely made known in terms of damage(due to more users running into theses issues) and publicity such as this one.
Tho I am glad I use Firefox while I do run windows (which isn’t often)
The ability to update Windows XP with out having IE installed. The ability to uninstall IE and have MSN Messenger work properly. Microsoft to not charge Windows users not running Windows XP for updated versions of IE. Integrated pop up blocker and adware/spyware protection with out costing Windows customers extra for the service.
is drifting towards a slashdot crowd I see… Does anybody know of any other site that is like OSNEWS used to be?
neowin.
no nix fanboys, much less ms-haters, much more intelligent discussion, ect.
i just love osnews for its diversity. of course, i hate most of the people posting here because most of them are biaised and waste their days bashing on everything they dont use.
I bet they do use windows and still bash it. They think bashing windows makes them cool.
I understand it must hurt to have your favourite system leaking like a sieve, but you really don’t lend yourself any credibility by using “get the facts” math..
The only thing I’d have to complain about IE and their “security fixes” are the overly-generic “malicious attacker to take remote control of a computer”. Maybe the lack of confidence in some people could be allieviated if only Microsoft would switch it up a little bit and be more descriptive. I’ve seen dozens of critical patchs that look like they fix the same thing, over and over again. Not very confidence inspiring to me… especially since I do use IE as much as any Mozilla-based browser.
I agree, fanboys do have no life. For example, your fantastic little comments, such as…
sure, there are less exploits than 5 years ago, but still. i remember getting the passwd file of any box running apache and getting all the passwords in about 10secs with jack the ripper not so many years ago. it was way easier to root a linux box than a box running nt4+iis, that was weak…
So, why was the passwd file useful? Did you mean shadow? Shadow passwd has been in use on every distribution I’ve ever used, and that’s not remotely discoverable.
Also, why go wat back to NT4 for a comparison? That was 10 years ago. NT back then couldn’t do much — thus less to exploit — but was still quite fragile from a security perspective. Any check of usenet can easily confirm this.
You seem to protest too much.
In case of patching-day.. What about the last week mentioned w2k rollup update? It should have been released.
Use Firefox and be done with it or use another OS.
Microsoft would do a lot better if they just rewrote IE from the ground up without the problems in it.
Would be much easier to support, would be a lot less egg on their face.
I think they owe it to their customers to not make them vulnerable to this kind of problems, especially since it’s entirely avoidable.
anybody knows of a good website where you can actually learn how to exploit these things?
something like this one (too bad it’s outdated): http://www.malware.com/index2.html
http://update.microsoft.com/windowsupdate/v6/default.aspx?ln=en-us
Same old news…next pleaze
Could someone tell me why everyone is really excited about the IE patch, but not at all about the SMB patch (MS05-027)? The IE hole at least requires some minimal user interaction (visit a page), but the SMB hole is rather wide open. If you can TCP-tickle my box, you can run something on it. How many people are actually behind NetBIOS-blocking firewalls?
-dotMatt
“How many people are actually behind NetBIOS-blocking firewalls? ”
well i would hope EVERYONE is behind a true firewall of some sort nowadays but I would expect that no one that is directly connected would have file and print sharing bound to that interface….
just guessing tho
because ive ripped out some components from windows 2003 with nlite, these patches failed to install.
how can i install the buggy components so i can apply these critical security patches?
I think if you used nLite…then other than reinstalling you are SOL depending on what you ripped out…I nLited my XP and brought down the size of the install using the alpha nLite versions…and other than office 2k3 looking for odbc drivers…i have had no probs…there is a limit to what you can rip out…maybe an error text would help see what you ripped out thats missing that the update requires if you can post it…
does the SMB exploit affect w2k with no service pack?
i seen the patch for
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
or is sans service pack not supported?
You both must be new here. This site as always been flame war central, and it’s not just people bashing Windows, the bashing goes in all directions. EVERY OS gets bashed here, make no mistake about it. Whatever particular OS a person is using when they come here, they only notice when it’s the one getting dumped on. You guys need to cycle through ALL the threads and witness Linux, BSD, Solaris, BeOS, SkyOS… even smaller projects like Haiku and Syllable get abused here.
But hey, for those who truly feel sorry for MS, Windows, Gates…Microsoft does have there own forums where only happy feelgood thoughts about Windows are expressed and where people are proud of being “blue”.
http://www.osnews.com/comment.php?news_id=244