Five new critical updates from Microsoft
Working as a sysadmin on some huge network is kidding harder and harder with every week. Microsoft has released six bulletins, five covering critical vulnerabilities, as part of its latest Patch Tuesday update. The critical list includes flaws in Universal Plug and Play, Windows CSRSS, Microsoft Agent and Microsoft Content Management Server that create a means for hackers to inject code into vulnerable systems. The security update follows last week’s patch (MS07-017) for the ANI vulnerability, which Microsoft released early amidst reports of widespread hacking attacks targeting the flaw. Redmond also pushed out a hot-fix for this top priority patch designed to resolve conflicts with other applications. There’s also an “important” patch designed to address a vulnerability in the Windows kernel that might allow privilege elevation.
Security vendors said Microsoft had done the right thing in releasing patches early, despite the application glitch problems. Both the ANI vulnerability and CSRSS patch affect Windows Vista as well as other Windows operating systems, Bentley notes. Microsoft made that discovery during its investigation, said Christopher Budd, a security program manager with Microsoft. “What we found out was what was publicly being called an elevation of privilege issue, was actually more complex and did have the possibility of code execution,” he said. “This is an instance where the thoroughness of our internal investigation turned up elements that were never uncovered in the public discussion.” Users are advised to update systems promptly. There’s more information in Microsoft’s security bulletin summary here.
Source: Xinhua, Register


Comments (8)
windows automatic updates ON
Linux installation – detected.
Windows installation – not detected.
Feeling of insecurity – not detected.
Regrets – not detected.
Bill – owned.
LOL. The picture in the post of the Mac software update…
I updated last night, one of the updates seems to be for the system kernel itself. Since Windows needs so many patches, I have to wonder why they skipped the last Patch Tuesday. There are a lot of things in Windows OSes that need fixes and security updates.
will this mess up my pirated version of XP?
Seems to me the updates killed my cracked copy of Acrobat 8 Pro – anyone else had this problem, or know of a fix?
“Working as a sysadmin on some huge network is kidding harder and harder with every week.”
kidding? You mean “getting”, right?
Well, that’s because you’re using a half-arse operating system that is developed and maintained by a two-bit company!
If you’re using a decent OS that is being developed by people who actually give a shit, you can actually take on a far higher workload than a Windows Admin. ie: One admin can cover more systems than a Windows one.
I believe this itself, justifies the higher cost of a Linux, Unix, BSD or Solaris Admin.
What really annoys me is that this recent ANI vulnerability was also carried to Windows Vista! (This issue was supposedly fixed 2 yrs ago on WinXP, and then it was unfixed somehow!…The code was then carried into Vista!)
And yes, I’ve seen a Vista box get exploited by this ANI issue. It’s not pretty, and there is no way to really fix things when Explorer keeps restarting itself in an infinite crash loop! (Only way to resolve seems to just format the darn thing)…And no, it doesn’t help if you boot into Safe Mode.
This proves one thing…No matter what MS does with Windows, it doesn’t address the fact that they have made some serious design decisions (and coding implementations) that greatly affect their product. (This is mainly to meet deadlines and the insistence not to start all over again).
NONE of the built-in security features MS touted (to sell Vista), were able to stop or contain this ANI issue. This confirms that security band-aids mean shit when the code itself hasn’t been seriously audited and re-written.
The next time you hear the words “Microsoft” and “Security” in the same sentence, you know from history, it’s all BS to sell you a product.
My system has been fast for a long time, then all of a sudden my system seems to be slower now, even though I have overclocked my CPU by 30 percent. WinXP seems to be lagging a lot these days.