Today MS released a set of monthly patches. They started the monthly system in October, released a second set in November, but failed to do so in December because they claimed they weren't able to finish the patches in time and preferred to wait for January. Note that that came only one week after Bill Gates criticized Open Source for not delivering patches fast enough. :rolleyes:
Well, today they released what should be 2 months' worth of patches, but failed to release one for one of the most important security bugs.
quote:
Microsoft Corp.'s latest round of software patches fails to fix a flaw in its Internet Explorer Web browser that makes it easier for online criminals to dupe people into disclosing their credit card numbers, passwords and other private data.
The flaw lets criminals control the information displayed in the address bar of Explorer's browser window. It was most recently used to trick people into visiting a forged version of the Citibank Web site. Once there, users were prompted to share personal identification and credit card account numbers. Citibank today warned people to steer clear of an e-mail that links to the fake site.
Security experts said that the flaw is easy to exploit. "I could teach any grade school kid how to do it," said Ken Dunham, malicious code manager for Reston, Va.-based security company iDefense. "I'm very concerned for the Internet public at large because this is one of the most dangerous trends we've seen emerge."
In a statement concerning the fact that they didn't release this important patch, here's what MS had to say:
quote:
An article on Microsoft's website offers consumers an easy, if drastic, workaround in the meantime: simply abandon the whole hypertext thing altogether. "The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them," the company advises. "Rather, type the URL of your intended destination in the address bar yourself."
:eek: :eek: :eek: :eek: :eek:
Also announced today was a security bug in the Microsoft Data Access Components program in Windows.
http://www.theregister.com/content/55/34863.html
[ January 14, 2004: Message edited by: xeen ]