Microsoft Patch Leaves Holes Open
Posted by Daniel Fleshbourne on 06 July 2004 - 19:01 · 33 comments & 3017 views
About the Author
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Full name: Daniel Fleshbourne
Forum name: Daniel
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
#1 Posted by Hurmoth on 06 Jul 2004 - 19:05
- Go Microsoft!
-
(4 replies)
#2 Posted by Colonel_Angus on 06 Jul 2004 - 19:10
- Let me start the flame war.
My browser owns your browser:
Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040319
I'm a better human being than you because my web browser is better than yours. -
#2.1 Posted by Hurmoth on 06 Jul 2004 - 19:12
-
I don't know if Mozilla owns IE, but I agree that Mozilla is a better browser!
-
#3 Posted by carpediem on 06 Jul 2004 - 19:13
- SP2 users are not affected by the these 2 vulnerabilites right? Talking about this one and the related first one.
-
(3 replies)
#4 Posted by Sunny69 on 06 Jul 2004 - 19:17
QUOTE Dutch security expert Jelmer Kuperus published code on the Web
How stupid is that? Publishing the code is like tellin hackers: "hey use this, go ahead it works!"-
#4.1 Posted by Varsity on 06 Jul 2004 - 19:18
- People would write the code within minutes anyway. Releasing his code just forces MS to move faster.
-
#4.2 Posted by tmaxxtigger on 06 Jul 2004 - 19:19
- I agree, I think it's more about his ego than anything else..
-
(2 replies)
#5 Posted by doubledragonxz on 06 Jul 2004 - 19:20
- LOL seems like even Microsoft is against IE.
-
#5.1 Posted by chacho on 06 Jul 2004 - 19:37
- i would be too if my own product keeps fscking me in the business world...
-
#5.2 Posted by rogerroger on 07 Jul 2004 - 02:42
- They are (microsoft IE) taking a beating in the business world. Everyone wants to ditch, but no one knows how to move so many users off and still make apps continue to work. I wouldn't be surprised to see MS decouple IE frm windows or even buy opera (their dev team) to replace IE. I think we'll see some interesting things regarding IE from MS in the next 365 days. (other than more patches!)
-
(3 replies)
#6 Posted by Sunny69 on 06 Jul 2004 - 19:22
QUOTE Microsoft confirms that the company is aware of the exploit code, but does not believe any customers have been attacked using the Shell.Application exploit, a spokesperson says.
What's that supposed ta mean? They know but just dont give a **** or are they workin on it? Asif everyone would report an exploit to microsoft..blehh..they cant know if it happend already or not.
An why didnt that securityperson just report it to microsoft...he obviously is provocing attacks
Last edited by 59740 on 06 Jul 2004 - 19:33-
#6.1 Posted by bilbobaggins on 06 Jul 2004 - 19:37
QUOTE They know but just dont give a **** or are they workin on it?
Well, they know and confirm. Shouldn't this make all of IE/M$ users happy all over ?
M$ receipt straight: when M$ tells you you're safe, you believe.
Hell right.
-
#6.2 Posted by Crackler on 06 Jul 2004 - 19:51
- He should have reported it to Microsoft, not the entire world. That way Microsoft would have somewhat of a lead in terms of working out a patch of sorts.
-
#7 Posted by nX07 on 06 Jul 2004 - 19:58
- Ms Bash Fest 2K4 Version 34
-
#8 Posted by Mister Lamar on 06 Jul 2004 - 20:03
- oh man, poor microsoft, Poor IE, awwwwwwwwwwwwwwwwwwwwwwwwwwwww
-
#9 Posted by sdkaneda on 06 Jul 2004 - 21:05
- sends quite a message. there must be some way to.. say.. 'take back the web'..
ah well, bring on the spyware and the 'sploits, i say. i get paid good cash fixing people's computers. let 'em use IE.
-
(2 replies)
#10 Posted by dotnetjunkie on 06 Jul 2004 - 23:23
- The problem is that you people don't know the inner-workings of IE. There only are so many exploits because it's attack surface is so large! As a professional developer, I've thouroughly analysed nearly every major browser out there (Mozilla, Netscape, Opera, and yes, Firefo
, but honestly they all suck, they lack soooo many features, you can't compare them with IE, really.
It's just the same as comparing Notepad with Word. Of course notepad has less bugs than Word, it only has a fraction of the features!! So I don't think IE is doing that bad, considering it is a huuuge application platform, and not just a HTML render engine with a graphical UI!) -
#10.1 Posted by jasondefaoite on 06 Jul 2004 - 23:37
- Interesting ... so what are all these "features" in IE that other browsers are lacking? Besides the holes obviously
-
#10.2 Posted by f0x on 07 Jul 2004 - 06:09
- The only feature that I have found that Firefox is missing over IE is Active-x ..... so I use IE to play runescape.... but other than that, I might as well use Firefox, because it has all the features that I need for day to day use, and it's not a security risk. since I swtiched to Firefox, the amount of spyware and adware has dropped dramatically.
-
#11 Posted by mleonc on 06 Jul 2004 - 23:56
- IE Sucks!!!! Think about it: You patch you whole systems, BUT!!! you're still vulnerable, and Microsoft says "Humm!! , no one's been attack yet by this HOLE". WTF are they waiting for???
-
#12 Posted by badall on 07 Jul 2004 - 01:33
- all i want to know is why did microsoft intergreat IE so much in to the operating system?, also i have been seeing a hell of alot more port scans in the last few days
-
#13 Posted by James55 on 07 Jul 2004 - 03:26
- Good thing I started using mozilla lately. Lol!
-
(2 replies)
#14 Posted by HBGuy on 07 Jul 2004 - 07:04
- This is not bash IEfest version 34, it's version 965,824. The constant bashing of IE/MS/Windows and their users is the reason why I do not post here except once in a very great while any more. I will use IE/MS products/Windows for as long as I *bleep*ing *censor*ed well please, thank you very much.
-
#14.1 Posted by Ized on 07 Jul 2004 - 10:02
- HBGuy, I'm also a Windows user/developer and I don't take it to myself if someone touts their non-Windows OS to me. To me the "my-OS-is-better-than-your-OS" discussion is retarded and serves no purpose.
BUT! I'll backup 100% anyone who wants to bash IE. IE in it's current state (IE6 SP1) is non-standards compliant and unsecure. You can say what you want, but that's the truth. Now, the more people scream how BAD IE IS, the more likely it is that Microsoft will eventually HAVE TO do something to make it more uptodate/secure/standards compliant.
Until IE is in par with Firefox and it's features, I'll be a happy Firefox user. You can use IE and play "lottery" to see if you catch a worm from the next site you browse to
-
#14.2 Posted by Fowen on 07 Jul 2004 - 15:18
QUOTE HBGuy, I'm also a Windows user/developer and I don't take it to myself if someone touts their non-Windows OS to me. To me the "my-OS-is-better-than-your-OS" discussion is retarded and serves no purpose.
I agree this "my borwser is leeto and M$ IE SuXoRs" is stupid and childish, and I don't even comment with those posts.
QUOTE BUT! I'll backup 100% anyone who wants to bash IE. IE in it's current state (IE6 SP1) is non-standards compliant and unsecure.
Running on IE 6 SP1 is not very secure, but for the average user who is not doing bad stuff on the computer (I think you know what I mean) they should never see any worms on their PC. If they download warez, and go places they shouldn't be going to, thats when you will see that stuff.
I agree IE6 SP1 SUCKS if no settings are changed, but if the security settings are setup properly then it is just as secure as FF. SP2 will fix a lot of people's problems with IE. I have not had one piece of spyware or a worm pop up on AVG since I have been using it.
QUOTE Until IE is in par with Firefox and it's features, I'll be a happy Firefox user.
I tried FF, and yes it has a lot of features and options, but I am not going to spend all day long to configure the browser the way I want it to work, and tweak a small setting here and there. I used it for 3 days, and after the 6th hour of playing with it, I said screw it, and went back to my simple IE.
-
#15 Posted by Darkness2k on 07 Jul 2004 - 11:03
- Is it the one posted here: http://archives.neohapsis.com/archives/bugtraq/2004-01/0002.html
Cause if so, my Antivirus picks up on that file if I even just extract it from the zip!
-
#16 Posted by Randall_Lind on 07 Jul 2004 - 15:38
- Microsoft since they are no longer working on IE needs to get rid of it or make a new browser.
-
#17 Posted by Kwisatz on 07 Jul 2004 - 23:29
- LOl
QUOTE Microsoft since they are no longer working on IE needs to get rid of it or make a new browser.
It's unbeliveble that they didn't fix a 6 year bug ...
They are the top 1 in market, they have lot's of money, they hire the best "programmers", and they can't do a simple browser ?
Microsot need to follow standarts and not jump them and jump all the world around.
Firefox rocks!!!
Dutch security expert Jelmer Kuperus published code on the Web last week that he says can be used to break into fully patched Windows systems using a slightly modified version of an attack called Download.Ject that Microsoft patched last week. The new attack targets a hole in a different Windows component than the one addressed by Microsoft's software patch. Using a similar attack, malicious hackers could break into even patched Windows machines, Kuperus says. Microsoft confirms that the company is aware of the exploit code, but does not believe any customers have been attacked using the Shell.Application exploit, a spokesperson says.
Building on the success of the Warcraft® series, Blizzard hopes to expand the MMORPG genre by creating a deep, immersive, user-friendly experience that will appeal to both veteran gamers and casual players alike. World of Warcraft™ takes place three years following the aftermath of Warcraft III: The Frozen Throne™, when a great tension has settled over the ravaged world of Azeroth. As the various races begin to rebuild their shattered kingdoms, new threats, both ancient and terrifying, have arisen to plague the world once again. Players must explore the lands of Azeroth, forge fellowships with other players, and build their strength in order to prevail. World of Warcraft™ will be fully localized into French, German, and English in Europe.
Best known for blockbuster hits including the Warcraft, StarCraft, and Diablo series, Blizzard Entertainment (www.blizzard.com), a division of Vivendi Universal Games, is a premier developer and publisher of entertainment software renowned for creating many of the industry’s most critically acclaimed games. Blizzard’s track record includes eight #1-selling games and multiple Game of the Year awards. The company’s free Internet gaming service Battle.net® reigns as the largest in the world, with millions of active users.