Author Topic: Microsoft Points Out 'High-Priority' Patches  (Read 1498 times)

MrX

  • Member
  • **
  • Posts: 403
  • Kudos: 0
Microsoft Points Out 'High-Priority' Patches
« on: 7 March 2005, 20:32 »
March 7, 2005
nEwZ BrOuGhT tO yOu By Mr X !

From http://www.eweek.com/article2/0,1759,1761896,00.asp
Quote

 Microsoft on Tuesday released 12 advisories to cover 17 security flaws in a range of products, including high-priority patches for Internet Explorer, Windows Media Player, Windows Messenger and MSN Messenger.

The February batch of patches includes eight "critical" fixes, and Microsoft officials say IT administrators should prioritize and deploy patches for four potentially dangerous code-execution holes.
ADVERTISEMENT

Stephen Toulouse, program manager at the Microsoft Security Response Center, told eWEEK.com that the company has identified the four "high-priority" patches because of the availability of public exploits that target those holes.

The four are MS05-009, which affects PNG processing in the media player and instant messaging software; MS05-010 for a flaw in the Windows license logging service; MS05-011 for a bug in the Windows Server Message Block; and MS05-014, which is a cumulative fix for the IE browser.

"If you're applying these patches manually, you should prioritize these four," Toulouse said, warning that a successful attack could cause major damage within a network.

He said the Internet Explorer fix, which has been under development since last October, addresses the previously reported high-risk vulnerabilities that could allow system hijack, cross-site/zone scripting and security bypass.

The IE update affects users of Windows 98, Windows ME, Windows 2000 Service Pack 3 and Service Pack 4, Windows XP Service Pack 1 and Service Pack 2, Windows Server 2003.

eWEEK.com Special Report: Keeping Pace with Microsoft's Patches

According to Microsoft, the IE fix corrects a drag-and-drop flaw that puts users at risk of PC hijack; a URL decoding zone spoofing vulnerability; a DHTML Method heap memory corruption bug; and a cross-domain vulnerability in CDF (Channel Definition Format).

Toulouse also urged Windows users to prioritize and apply patches for the PNG processing flaw that affects Windows Media Player 9 Series, Windows Messenger 5.0, and Microsoft Messenger 6.2 and 6.2.

"An attacker could try to exploit the vulnerability by constructing a malicious PNG that could potentially allow remote code execution if a user visited a malicious Web site or clicked a link in a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft warned in the advisory.


go see this http://www.eweek.com/article2/0,1759,1764112,00.asp
http://computerworld.co.nz/news.nsf/0/A60A75557BA586FCCC256FA400106150?OpenDocument&pub=Computerworld

http://www.theage.com.au/news/Breaking/Exploits-released-for-MSN-flaw/2005/02/11/1108061857472.html?oneclick=true
Quote
The author of one sample of exploit code said it had been tested on MSN Messenger 6.2.0137 and could be exploited on Windows 2000 and Windows XP, no matter what service pack had been applied.



now we know how to get microshaft to release fixes really fast. publish the vulnerabilities and a newbie how-to guide on a popular internet site!!!

Mr X

Aloone_Jonez

  • Administrator
  • Member
  • ***
  • Posts: 4,090
  • Kudos: 954
Re: Microsoft Points Out 'High-Priority' Patches
« Reply #1 on: 7 March 2005, 20:38 »
Same old story - a patch to pach a patch to a patch to patch a...

program manager :D isn't that the Windows 3.x shell?
This is not a Windows help forum, however please do feel free to sign up and agree or disagree with our views on Microsoft.

Oh and FUCKMicrosoft! :fu:

Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
Re: Microsoft Points Out 'High-Priority' Patches
« Reply #2 on: 7 March 2005, 20:54 »
how come they always release tons of fixes at once? this always makes me think the vulnerabilities have mostly been known for a long time, but they just couldn't be arsed to fix them.
visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

E-61993

  • Newbie
  • *
  • Posts: 6
  • Kudos: 10
Re: Microsoft Points Out 'High-Priority' Patches
« Reply #3 on: 9 March 2005, 22:10 »
I agree with you. They always have 4+ updates at a time. unfortunally i am forced to use windows. I do have linux on my computer too. Whenever i get an update it is a bunch of them at once. Why do they even bother to come out with updates to IE. IE is just one giant hole and they are slowly patching it.Once their sales are down to one copy of windows a day they will be forced to admit that windows sucks and they always knew it. I have compared linux to windows and Win XP looks somwhat like linux. MICROSOFT SUCKS!!!!!!:fu::fu::fu::fu:

Calum

  • Global Moderator
  • Member
  • ***
  • Posts: 7,812
  • Kudos: 1000
    • Calum Carlyle's music
Re: Microsoft Points Out 'High-Priority' Patches
« Reply #4 on: 10 March 2005, 16:05 »
who forces you to use it incidentally?
visit these websites and make yourself happy forever:
It's my music! | My music on MySpace | Integrational Polytheism

Brandon Paddock

  • Member
  • **
  • Posts: 22
  • Kudos: 0
Re: Microsoft Points Out 'High-Priority' Patches
« Reply #5 on: 11 March 2005, 09:44 »
Quote from: E-61993
I agree with you. They always have 4+ updates at a time.

Yeah, because they always release updates on the first Tuesday of the month. Notice that there were none this month. So what's your point? Firefox released 19(!!!) security updates all at once just a little over a week ago (in version 1.01). But I don't see you complaining about that.
 
Quote
unfortunally i am forced to use windows.

At gun point, no doubt.
 
Quote
I do have linux on my computer too. Whenever i get an update it is a bunch of them at once.

So now you're saying that Linux is just like Windows in that respect... okay?
 
Quote
Why do they even bother to come out with updates to IE.

Think on the absurdity of that question(statement?). You really don't know why they fix security flaws in the world's most popular web browser? The single most prominent attack surface ever to exist? Give me a break.
 
Quote
IE is just one giant hole and they are slowly patching it.

Just like every other internet-exposed application.
 
Quote
Once their sales are down to one copy of windows a day they will be forced to admit that windows sucks and they always knew it.

Yes. Thousands of the smartest, most hard-working people in the world who have spent years or even decades putting their blood, sweat, and tears into their work to build the best product they possibly can... will all decide to give up because you said their work "sucks," without giving a single reason why.
 
And yes, I'm sure sales of Windows are about to take a huge decline. Tomorrow. Because of all those wonderful and viable alternatives that offer a better experience or value :rolleyes:
 
Quote
I have compared linux to windows and Win XP looks somwhat like linux.

Well then praise be to heaven for the all-knowing decider of things has spoken.
 
Seriously... you... you did what?? I don't even know what you're saying there.
 
Are you saying Linux looks like Windows? Well yeah, most of the common WMs (KDE, Gnome, fvwm, etc.) all try to look like Windows (taskbar + "start" menu). In fact, there isn't a single interface that I've ever seen for Linux that doesn't try very hard to look like something else. Most of them these days look like Windows, but plenty of them follow NeXT (AfterStep, Enlightenment, etc).
 
I don't see how that's an advantage for Linux... that it is trying to be like Windows. Desktop Linux suffers from a complete lack of innovation. There's no ambition. There's no drive to do anything new. It's all about trying to be "almost as good" as the mainstream, but cheaper. But our society understands the "get what you pay for" axiom, and on the whole, we're not poor.
 
It's like saying a double-wide is superior to a victorian house. Sure, the double-wide is buttloads cheaper. But it isn't as nice, secure, or well-built. It certainly won't last as long. It does all the basics that a house does... it has rooms, a place to sleep, a place to cook. It has a roof and a floor. But it's not as expandable. It can't do everything the house can.
 
Sure, it has one advantage... It's free from the confines of a solid and fixed foundation.
 
I know which I'd choose, given a choice.
Cerebro - Windows XP Media Center Edition 2005
Lappy - Windows XP Tablet PC Edition 2005
DevServer - Windows Server 2003 x64
RobTheRouter - FreeBSD 5.3

Laukev7

  • VIP
  • Member
  • ***
  • Posts: 2,834
  • Kudos: 495
Re: Microsoft Points Out 'High-Priority' Patches
« Reply #6 on: 11 March 2005, 12:59 »
If as you say, people want quality, they would buy Macs.

Though presumably that will come as people get more exposed them.