Free Republic

Expert: Flaw still dogs Windows patch
C|Net News | January 24, 2005 | Matt Hines

Posted on 01/24/2005 5:32:12 PM PST by holymoly

Antivirus specialist GeCad Net is warning that it has found a problem with Microsoft's most recent software patch for Windows.

The Bucharest, Romania-based security service provider said that a critical patch issued by Microsoft in its MS05-001 bulletin earlier this month fails to resolve all of the security issues surrounding the HTML Help ActiveX control in Windows. Microsoft distributed the fix, along with additional security updates, to address the threat of attackers placing and executing malicious programs such as spyware on affected computers.

GeCad, which sold its antivirus software business to Microsoft in 2003, said that the patch has not addressed at least one so-called attack vector, or weakness, that could allow an exploit of the HTML Help ActiveX control vulnerability.

A Microsoft representative said Monday that the Redmond, Wash.-based company is already working to close the loophole reported by GeCad, and emphasized that the January patch had fixed the original reported problem.

"Microsoft issued an update to address a vulnerability in the HTML help control in Windows, and this update does protect against the publicly reported vulnerability," the representative said.

Moreover, the software maker disagreed that it overlooked a potential exploit with its patch. Instead, it said that the problem is a new flaw in HTML Help control that was not tackled in the update.

"Microsoft has been made aware of a publicly reported exploit of a different vulnerability than the one addressed," the representative said. "This vulnerability could be exploited in such a way as to cause the HTML Help control to execute code on a user's computer."

Microsoft did not say whether the fix would be released before its February patch bulletin.

GeCad said it is not disclosing technical details of the attack method right now for "security reasons." Microsoft has butted heads with security researchers in the past when they have disclosed information about flaws before the company has been able to patch them.

The antivirus company said the potential for attack is opened up if a computer is updated with Microsoft's Windows XP Service Pack 1 or Windows 2000 Service Pack 4, along with the most recent security patches. It also noted that updating with Microsoft's Windows XP Service Pack 2 seems to prevent the problem.

In 2003, Microsoft purchased GeCad Software, GeCad's antivirus software development business, but the remaining company continues to operate as a security researcher and consultancy. Microsoft is expected to release its own antivirus software sometime later this year.


TOPICS: News/Current Events
KEYWORDS: activex; computersecurity; exploit; flaw; microsoft; patch; security; vulnerability; windows
...the software maker disagreed that it overlooked a potential exploit with its patch. Instead, it said that the problem is a new flaw in HTML Help control that was not tackled in the update.

I'm sure people will be comforted with the knowledge that Microsoft did not overlook this exploit.

It's a brand new exploit.
1 posted on 01/24/2005 5:32:13 PM PST by holymoly

To: holymoly

In other news, the sun rose in the East today.


2 posted on 01/24/2005 5:36:59 PM PST by thoughtomator (Meet the new Abbas, same as the old Abbas)

To: holymoly
Moreover, the software maker disagreed that it overlooked a potential exploit with its patch. Instead, it said that the problem is a new flaw in HTML Help control that was not tackled in the update.

No matter how much Microsoft tap dances around the truth, it's still "overlooking the problem" as far as I am concerned.

3 posted on 01/24/2005 5:38:11 PM PST by BigSkyFreeper (PEST/Suicide Hotline 1-800-BUSH-WON)

To: Swordmaker

ping


4 posted on 01/24/2005 5:39:24 PM PST by Vermonter

To: holymoly; ShadowAce
ActiveX control vulnerability.

If Microsoft wants to keep their Monopoly, they need to fix their crapola.....

5 posted on 01/24/2005 5:39:41 PM PST by Ernest_at_the_Beach (A Proud member of Free Republic ~~The New Face of the Fourth Estate since 1996.)

To: holymoly

Saw this story on Cnet an hour ago or thereabouts.

This is just about the straw that broke the camel's back. The Mac mini appealed to me on a geek level before, and now I seriously want one.


6 posted on 01/24/2005 5:40:16 PM PST by Terpfen (Gore/Sharpton '08: it's Al-right!)

To: thoughtomator
>In other news, the sun rose in the East today

Ha! Laugh while you can,
monkey-boy! Planet X moves
closer every day!

"We have mentioned that Planet X will do a 270° Roll to position itself in a side-by-side magnetic alignment with the Sun as it passes through the Ecliptic. The S. Pole of Planet X is slung away, positioned along the magnetic flow lines, and this continues until Planet X is almost horizontal, at the Ecliptic. This momentum continues for a 270° roll where Planet X will be aligned side-by-side, with its N. Pole pointing North. During this 270° roll, the Earth, as the lesser magnet in this dance, is greatly affected. It is today tilting toward the Sun and leaning toward Planet X, in the Tilt and Lean we have described, to accommodate the increased flow of magnetic particles in the vicinity of Planet X, attempting to line up end-to-end with Planet X, while simultaneously attempting to continue its side-by-side alignment with the Sun. Thus torn between two different dictates, the Earth has developed a Wobble. The Egyptians relayed to Plato that in the past the Sun rose from the West, during times of great catastrophe, and prophecy predicted this for the coming cataclysmic times. If we have predicted such a horrific pole shift for the Earth, after a week of rotation stoppage, would the Earth not be horrifically affected if stood on its head so the Sun would be seen rising in the West?"

[Sunrise West]

7 posted on 01/24/2005 5:43:28 PM PST by theFIRMbss

To: Ernest_at_the_Beach

That IS their monopoly.


8 posted on 01/24/2005 5:45:30 PM PST by thoughtomator (Meet the new Abbas, same as the old Abbas)

To: holymoly

Speaking of Firefox,.....

Is there much or any difficulty changing over from IE to Firefox? Would it fiddle with or change many of my settings, favorites, connection with my local broadband provider (Charter) etc?

Any suggestions on how to do it without driving myself insane?

Would it speed up my surfin' 'n browsing?

Advice, opinions?


9 posted on 01/24/2005 5:46:46 PM PST by garyhope

To: theFIRMbss
Expert: Flaw still dogs Windows patch

I must be dyslexic because I read this as "expertly made slaw-dogs at window...catch"

10 posted on 01/24/2005 5:47:04 PM PST by Dark Skies ("The sleeper must awaken!")

To: Phsstpok

Ping for later reading


11 posted on 01/24/2005 5:49:22 PM PST by Phsstpok ("When you don't know where you are, but you don't care, you're not lost, you're exploring.")

To: theFIRMbss

ROFL


12 posted on 01/24/2005 5:50:56 PM PST by Constantine XIII

To: garyhope
Is there much or any difficulty changing over from IE to Firefox?

Most of the buttons, etc. are where you'd expect them to be, so moving back & forth is fairly painless. As I recall, Mozilla.org has Help/FAQ/How-to sections for both Mozilla & Firefox.

Would it fiddle with or change many of my settings, favorites, connection with my local broadband provider (Charter) etc?

It shouldn't affect any of the above.

Any suggestions on how to do it without driving myself insane?

Would it speed up my surfin' 'n browsing?


All I can say is, try it. If you don't like it, you can always un-install it.
13 posted on 01/24/2005 5:52:40 PM PST by holymoly (About:Blank)

To: holymoly
Listen up people!

Microsoft produces unstable, insecure garbage!

Why do you continue sending Bill Gates your money? Why does their crapware have even a 10% market share?

Open your eyes. There is a whole 'nother world of computing out there if you dump the Microsoft bilge overboard.

-ccm

14 posted on 01/24/2005 5:52:59 PM PST by ccmay (Question Diversity)

To: theFIRMbss

Ha! You fool! Planet X is under MY control! All the universe shall be under my domination! Muhahahaha!


15 posted on 01/24/2005 5:53:19 PM PST by thoughtomator (Meet the new Abbas, same as the old Abbas)

To: Dark Skies
LOL!

Either you are dyslexic or you've been staring at your computer too long.
16 posted on 01/24/2005 5:55:10 PM PST by Yak

To: Terpfen
The Mac mini appealed to me on a geek level before, and now I seriously want one.

Then drop the hammer! Every day as you sit down to use the computer, you will grin at the lemmings still flailing and floundering with Redmond crapware.

-ccm

17 posted on 01/24/2005 5:55:25 PM PST by ccmay (Question Diversity)

To: garyhope

The biggest obstacle is your fear. Once you start using it you'll realize it works exactly the same except it has a few really cool things that are darn useful anyway, and that all the shortcuts and hotkeys are the same, so there's almost nothing to re-learn. Plus you get the added bonus of being able to conduct normal web surfing activity without fear of being hacked, trojaned, virused, or otherwise attacked through it.


18 posted on 01/24/2005 5:56:04 PM PST by thoughtomator (Meet the new Abbas, same as the old Abbas)

To: Yak

And now I'm hungry for a slaw-dog or two.


19 posted on 01/24/2005 5:56:05 PM PST by Dark Skies ("The sleeper must awaken!")

To: holymoly
I haven't read either of your computer security news threads yet, but it seems that there's a natural link between the two:

#1 experts warn businesses against Firefox since it can't run ActiveX

#2 Microsoft still hasn't fixed the latest ActiveX security hole in IE

Which makes Firefox not running ActiveX a GOOD thing

Many years ago I corresponded with Richard Smith, founder of Pharlap, on the old Canopus forum on Compuserve. We shared a common distaste for ActiveX from a security point of view, since ActiveX controls are simply Windows programs that can do anything to your PC that any other Windows program can.

We came up with a scenario where an ActiveX control would do exactly what it was advertised to do, say display time and weather info, but in the background would be running a GREP on all available systems that your PC connected to, looking for things like documents with the word "secret" in it. Package those puppies up and send them home to momma over the same link that was feeding the ActiveX control its time and weather data and no one is the wiser.

To this day I'm still not sure whether it was him or me who first coined the term for that type of computer program. Remember, computer "agents" were the rage at the time. We called the bad ActiveX controls "secret agents."

20 posted on 01/24/2005 5:56:29 PM PST by Phsstpok ("When you don't know where you are, but you don't care, you're not lost, you're exploring.")

