Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Microsoft fixes serious Windows flaws
Cnet News ^ | August 9, 2005 | Joris Evers

Posted on 08/09/2005 2:56:44 PM PDT by Panerai

Microsoft on Tuesday issued alerts on several security flaws in Windows, the most serious of which could allow an attacker to gain control over a victim's computer.

Microsoft released six security bulletins as part of its monthly patching cycle, three of which it deems "critical." The Redmond, Wash., software gives that rating to any security issue that could allow a malicious Internet worm to spread without any action required on the part of the user.

One bulletin addresses three flaws in Internet Explorer. Of all the issues Microsoft offered fixes for Tuesday, these put users at most risk of attack, said Oliver Friedrichs, senior manager at Symantec Security Response. Two other vulnerabilities, affecting the plug-and-play feature and printing in Windows, could also spell some trouble for users, he said.

An error in the way IE, Microsoft's widely used Web browser, handles JPEG images is especially alarming, according to Symantec. An attacker could commandeer a PC by crafting a malicious image and tricking the victim to look at it on, for example, a Web site or in an HTML e-mail, Microsoft said in its MS05-038 security bulletin.

"These vulnerabilities can be leveraged by malicious Web sites to install spyware, Trojan horses, bots, or other programs on an unsuspecting user's machine," Friedrichs said.

The other two IE flaws that Microsoft now has fixes for could also allow an attacker to take control of a user's computer. One relates to how the browser handles URLs related to a feature that lets users view file folders in IE. The other deals with the ability of IE to call on other parts of Windows and is similar to a problem patched last month.

(Excerpt) Read more at news.com.com ...


TOPICS: Technical
KEYWORDS: backdoor; bloatware; criticalflaw; exploit; getamac; internetexploiter; lookoutexpress; lowqualitycrap; malware; microsoft; patch; securityflaw; spyware; trojan; trojanhorse; userfriendly; virus; virusbait; windows; worm
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-79 next last
To: BibChr
Thanks Dan...as requested (*ahem*):

...if there weren't so many criminals targeting Windows it wouldn't be such a problem. If Apple or Unix were the dominant platform, I guarantee you would see the same level of hacks on those platforms.

41 posted on 08/09/2005 8:18:02 PM PDT by vrwc1
[ Post Reply | Private Reply | To 33 | View Replies]

To: vrwc1

I just have an aversion to willful ignorance; e.g., liberals unfairly and incessantly bashing Bush when in all probability his efforts are keeping their sorry asses from terrorist attacks. Same goes for MSFT bashers; MSFT isn't perfect by any means, but their OS has to operate on combinations and permutations of hardware/application software that dwarfs apple etc. and that isn't easy.


42 posted on 08/09/2005 8:30:06 PM PDT by E=MC<sup>2</sup> (Are liberals born stupid, or do they have to work at it???)
[ Post Reply | Private Reply | To 40 | View Replies]

To: E=MC<sup>2</sup>

I agree. They have absolutely no clue as to how extremely hard what Microsoft does is, and how well they do it in spite of those difficulties. Granted, it's good to push and challenge Microsoft to do better, but geez, the non-stop bashing of some is just childish.


43 posted on 08/09/2005 8:39:53 PM PDT by vrwc1
[ Post Reply | Private Reply | To 42 | View Replies]

To: All
This seems to be a good thread to ask fellow FReepers this question --
My Dell computer has a legit OEM copy of Win XP Home on it. I have decided I want to reformat to clean house, but so far, have misplaced the original discs and haven't yet found them.

A couple of questions -- could I successfully reformat my computer with my wife's OEM Win XP Pro disc from her newer computer? Would I be able to get subsequent Win updates?

We bought both computers new from Dell at different times.

Last question -- Since I have misplaced all my original discs, what do I do for drivers for all the other bits and pieces of hardware inside my computer, since I don't seem to have that disc or discs anymore either?

Thanks in advance for any assistance!

44 posted on 08/09/2005 8:48:14 PM PDT by Babu
[ Post Reply | Private Reply | To 42 | View Replies]

To: Panerai

In a related story, the people killed on 911 should have known better than to work in a tall building that had previously been attacked.

Let's be democrats for a day and blame the victims.


45 posted on 08/09/2005 8:53:59 PM PDT by js1138 (Science has it all: the fun of being still, paying attention, writing down numbers...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Babu
could I successfully reformat my computer with my wife's OEM Win XP Pro disc from her newer computer? Would I be able to get subsequent Win updates?

You could, but the install won't last long, since you will have to activate the OS within a certain number of days, and I seriously doubt the activation will work, and you'll have wasted a lot of time, since it will be unusable. The Dell XP versions are linked to the specific motherboards, I believe. I have two that came with XP pre-installed, and an older machine for which I bought a non-Dell OEM version of XP. The latter asks for re-activation at the drop of a hat; I put a new video card in it yesterday, and as soon as I booted, it told me I had to reactivate. On the Dells with the original install, I've changed/switched hardware several times, with not a peep from XP.

As far as the drivers, etc., all of those can be downloaded from Dell's support website (click on Service & Support, choose "Downloads" and input your service tag number).

You might also try calling or emailing Dell support (include your service tag number) and ask about replacement disks -- it's worth a shot.

46 posted on 08/10/2005 5:58:31 AM PDT by browardchad
[ Post Reply | Private Reply | To 44 | View Replies]

To: Panerai

I use Firefox.

Should I worry?


47 posted on 08/10/2005 6:00:41 AM PDT by Pete'sWife (Dirt is for racing... asphalt is for getting there.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: vrwc1; BibChr
...if there weren't so many criminals targeting Windows it wouldn't be such a problem. If Apple or Unix were the dominant platform, I guarantee you would see the same level of hacks on those platforms.

So tell me--do Yugos and Volvos and Mercedes and Fords all have the same number of defects per car? Does quantity sold indicate quality of product?

Code is exactly the same. "Market share" or number of desktops in existance does not determine the number of hacks available to compromise the code.

48 posted on 08/10/2005 6:08:32 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 41 | View Replies]

To: ShadowAce; vrwc1

Flawed analogy.

Better analogy: does General Motors stay up nights working on ways to compete with Rico Motors' line of passenger cars? Do they come up with ways to make Rico's Motors' cars break down? Of course not. They focus on the bigs.

Hackers don't focus on the OS's that a relative handful use. But, as recent articles have shown, they're also vulnerable, once the cyberthugs turn their baleful eyes thither.

That's a better analogy. Not friendly to your grudge, maybe, but better.

Dan


49 posted on 08/10/2005 6:17:29 AM PDT by BibChr ("...behold, they have rejected the word of the LORD, so what wisdom is in them?" [Jer. 8:9])
[ Post Reply | Private Reply | To 48 | View Replies]

To: BibChr
But, as recent articles have shown, they're also vulnerable, once the cyberthugs turn their baleful eyes thither.

Yes, they are vulnerable. I freely admit that. I never claimed otherwise. But they're not AS vulnerable. There are FEWER problems with Linux/BSD than with Windows.

50 posted on 08/10/2005 6:21:24 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 49 | View Replies]

To: BibChr
Hackers don't focus on the OS's that a relative handful use.

Another misconception. More people use Linux worldwide (even in the US) than any other OS. Your desktop may run Windows, but I guarantee you that most of the hops your connection makes to any given website use Linux.

If a hacker can exploit Linux, s/he'd bring the whole Net down. That's big. That's fame. That's what the bad guys would do if they could. But the Net's still up and running, isn't it?

51 posted on 08/10/2005 6:24:46 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 49 | View Replies]

To: ShadowAce

I'll break FR debate protocol and admit that, if what you're saying is accurate, you have a good point. I don't know whether it's true, and don't have an answer.

In terms of sales, visibility, and being a tempting target, Windows is pretty much it, though.

Dan


52 posted on 08/10/2005 7:01:10 AM PDT by BibChr ("...behold, they have rejected the word of the LORD, so what wisdom is in them?" [Jer. 8:9])
[ Post Reply | Private Reply | To 51 | View Replies]

To: BibChr
I'll break FR debate protocol and admit that, if what you're saying is accurate, you have a good point.

LOL! After re-reading my posts, I may have come across as totally discounting your point as well. That really wasn't my intention, as (perceived) visibility does play a large role in selection of targets.

What really makes Windows a more tempting target is the ease of exploiting it--not that it has the only exploits. Also, Windows suffers from a basic design flaw--everyone and every process tends to run as the Administrator, giving full access to the entire machine. Linux doesn't do that. There is a history behind this, and it's quite logical once you understand that history, but it's still a design flaw.

53 posted on 08/10/2005 7:31:06 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 52 | View Replies]

To: browardchad
You might also try calling or emailing Dell support (include your service tag number) and ask about replacement disks -- it's worth a shot.

Thanks for the tips and suggestion. I'll give that a try.

54 posted on 08/10/2005 8:08:38 AM PDT by Babu
[ Post Reply | Private Reply | To 46 | View Replies]

To: ShadowAce; BibChr
Code is exactly the same. "Market share" or number of desktops in existance does not determine the number of hacks available to compromise the code.

But "Market share" does drive the number of hackers that will attempt to attack the system. Windows is by far the dominant consumer OS, and unfortunately most people are not very computer-literate so they don't know how to protect their systems (even though it's relatively simple), making them easy targets for criminals to prey on. That is why so many criminals spend their time looking for vulnerabilities to exploit in Windows - because that's where their highest rate of return will be.

Your desktop may run Windows, but I guarantee you that most of the hops your connection makes to any given website use Linux.

That may be, but those are very specialized networking systems with a very small attack surface area. They're not running a web browser or media player or print spooler or plug and play services or TAPI services, etc. If they were running the same kinds of software that Windows systems are running, you would see the same kinds of vulnerabilities. People are flawed, so any non-trivial software that people write will also be flawed.

55 posted on 08/10/2005 8:41:20 AM PDT by vrwc1
[ Post Reply | Private Reply | To 51 | View Replies]

To: vrwc1
They're not running a web browser or media player or print spooler or plug and play services or TAPI services, etc.

You're right. They're not running a web browser, or anything like one. It's not "embedded" into the OS. This is one of the design flaws I was talking about earlier. Integration of everything plus the kitchen sink into the OS is the design flaw that causes so much Windows insecurity.

If they were running the same kinds of software that Windows systems are running, you would see the same kinds of vulnerabilities.

No you wouldn't. You may see some other vulnerabilities, but they would not be the same kinds at all. The main reason is that those pieces of software are not linked into the OS. They run as a limited user, with very restricted access rights even on the very system they are running on. For instance, Apache running on a Linux system can only access Apache files. Not user files, and most definitely NOT system files. Sure, you may be able to deface a web page (woo hoo!), but you won't be able to take control of a system.

DNS usually runs in a chroot jail, which means it doesn't even see anything outside its directory structure, much less be able to get at it. Other services are quite similar. This is also why virii, in the traditional sense, won't get a good foothold inthe Linux world. They just won't be able to to do the things they can do in the Windows world.

56 posted on 08/10/2005 9:17:53 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 55 | View Replies]

To: hipaatwo
According to this article, there was a glitch in the updates for IE.
57 posted on 08/10/2005 10:38:57 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 24 | View Replies]

To: vrwc1

Powder..Patch..Ball FIRE!

Irrational anti-Microsoft jihadi mindset detected. Post ignored.

The only thing irrational was your response. Close minded name calling fascist language detected.


58 posted on 08/12/2005 7:29:06 AM PDT by BallandPowder
[ Post Reply | Private Reply | To 10 | View Replies]

To: ShadowAce
More people use Linux worldwide (even in the US) than any other OS.

That's a ridiculous statement. You claim that as fact? Bookmarked.

59 posted on 08/15/2005 6:55:36 AM PDT by Golden Eagle
[ Post Reply | Private Reply | To 51 | View Replies]

To: Golden Eagle
You claim that as fact?

It is fact. Notice, though, I did not say it was on the desktop.

TiVo is built on Linux, every router (just about) uses Linux, most web sites use linux. Every time you connect to the Net you are using Linux, whether you know it or not.

60 posted on 08/15/2005 7:01:27 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 59 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-79 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson