Author Topic: MS's 3rd monthly patches a failure  (Read 848 times)

Xeen

  • VIP
  • Member
  • ***
  • Posts: 1,065
  • Kudos: 55
MS's 3rd monthly patches a failure
« on: 14 January 2004, 19:27 »
Today MS released a set of monthly patches. They started the monthly system in October, released a second set in November, but failed to do so in December because they claimed they weren't able to finish the patches in time and preferred to wait for January. Note that that came only one week after Bill Gates criticized Open Source for not delivering patches fast enough.       :rolleyes:      

Well today they released what should be 2 months worth of patches, but failed to release one for one of the most important security bugs.

     
quote:
Microsoft Corp.'s latest round of software patches fails to fix a flaw in its Internet Explorer Web browser that makes it easier for online criminals to dupe people into disclosing their credit card numbers, passwords and other private data.

 The flaw lets criminals control the information displayed in the address bar of Explorer's browser window. It was most recently used to trick people into visiting a forged version of the Citibank Web site. Once there, users were prompted to share personal identification and credit card account numbers. Citibank today warned people to steer clear of an e-mail that links to the fake site.

Security experts said that the flaw is easy to exploit. "I could teach any grade school kid how to do it," said Ken Dunham, malicious code manager for Reston, Va.-based security company iDefense. "I'm very concerned for the Internet public at large because this is one of the most dangerous trends we've seen emerge."


In a statement concerning the fact that they didnt release this important patch, here's what MS had to say:

   
quote:
An article on Microsoft's website offers consumers an easy, if drastic, workaround in the meantime: simply abandon the whole hypertext thing altogether. "The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them," the company advises. "Rather, type the URL of your intended destination in the address bar yourself."


     :eek:          :eek:          :eek:          :eek:          :eek:    


Also announced today was a security bug in the Microsoft Data Access Components program in Windows.

http://www.theregister.com/content/55/34863.html

[ January 14, 2004: Message edited by: xeen ]


rklesla

  • Member
  • **
  • Posts: 28
  • Kudos: 0
MS's 3rd monthly patches a failure
« Reply #1 on: 14 January 2004, 19:46 »
It takes microsoft about 2 months to understand there own code long enough to figure out how to "fix" it.

Kintaro

  • Member
  • **
  • Posts: 6,545
  • Kudos: 255
  • I want to get the band back together!
    • JohnTate.org
MS's 3rd monthly patches a failure
« Reply #2 on: 14 January 2004, 20:49 »
No they have to figure out the code because they didnt write it, they found it in University Trashcans, and brought some of it, and stole all the rest.

WMD

  • Global Moderator
  • Member
  • ***
  • Posts: 2,525
  • Kudos: 391
    • http://www.dognoodle99.cjb.net
MS's 3rd monthly patches a failure
« Reply #3 on: 15 January 2004, 00:59 »
quote:
Originally posted by X11: doogee.is.dreaming.org:
No they have to figure out the code because they didnt write it, they found it in University Trashcans, and brought some of it, and stole all the rest.


I guess that sums it up pretty well.  :D

I actually have a good portion of the XP source code, but it's in ASM format.  :(   I wouldn't be able to read it either way.  :(
My BSOD gallery
"Yes there's nothing wrong with going around being rude and selfish, killing people and fucking married women, but being childish is a cardinal sin around these parts." -Aloone_Jonez

hm_murdock

  • VIP
  • Member
  • ***
  • Posts: 2,629
  • Kudos: 378
  • The Lord of Thyme
MS's 3rd monthly patches a failure
« Reply #4 on: 15 January 2004, 06:25 »
THAT'S PRETTY COOL
Go the fuck ~

Kintaro

  • Member
  • **
  • Posts: 6,545
  • Kudos: 255
  • I want to get the band back together!
    • JohnTate.org
MS's 3rd monthly patches a failure
« Reply #5 on: 15 January 2004, 21:47 »
INDEED IT IS