Microsoft Patch Opens Users to Attack
Posted by Rowain on 23 August 2006 - 03:13 · 21 comments & 8952 views
About the Author
Full name: Unknown
Forum name: Rowain
Contact: via forum PM
Submissions: Normal · Headline
Full name: Unknown
Forum name: Rowain
Contact: via forum PM
Submissions: Normal · Headline
Slashdot It!
Submit to reddit
Submit to blinklist
Bookmark on del.icio.us
Add to furl
Share on Facebook
Add to Windows Live
Add to Google- Advertisement
-
-
(3 replies)
#1 Posted by yert* on 23 Aug 2006 - 04:24
- I've had it with these mother ****ing flaws in this mother ****ing operating system! Everybody patch up, I'm about to fill these ****in holes.
-
#1.2 Posted by yert* on 23 Aug 2006 - 04:48
- Sorry for the swearing. That was my buddy Sam who typed that.
-
#1.3 Posted by supersaiyanjericho on 23 Aug 2006 - 10:37
- lol Flaws In The Windows
-
(1 reply)
#2 Posted by Stunna on 23 Aug 2006 - 04:44
- 2000 and xp s1 only?
-
(4 replies)
#3 Posted by strekship on 23 Aug 2006 - 05:20
- People still running SP1 deserve what they get at this point.
-
#3.2 Posted by DomG on 23 Aug 2006 - 08:46
- Last time I tried to install SP2, it locked up my entire hard drive, corrupted every byte on it. Yes, I'm using a legal version of XP Pro. So I just don't want to risk trying another update, I just have antivirus, antispyware and firewall constantly running.
-
#3.3 Posted by Kushan on 23 Aug 2006 - 11:26
- If that's the case then you had to reinstall windows. You should have slipstreamed SP2 onto the disk.
I had problems with SP2, but a fresh install always works a treat. -
#3.4 Posted by cork1958 on 23 Aug 2006 - 12:50
- Quote - Kushan said @ #3.3If that's the case then you had to reinstall windows. You should have slipstreamed SP2 onto the disk.
I had problems with SP2, but a fresh install always works a treat.
Yep,
Exactly what you should have done.
The flaw in the update trick is hardly a surprise to anyone anymore, is it?
Of course, it works the same way in Linux also, as noticed yesterday by that major foobared xserver-xorg-core update!!
-
(1 reply)
#4 Posted by illz55 on 23 Aug 2006 - 05:52
- Not really big news. This is always going to happen and this is always only going to personally affect a tiny amount of users. Only gives Microsoft haters another reason to rant their dumb asses off.
-
#4.1 Posted by mrbester on 23 Aug 2006 - 09:26
- Quote -This is always going to happen...
So, by your reasoning, we should expect patches to create a new flaw? I'm glad you cleared that up. Which is worse, a flaw that a patch fixes, or a flaw that a patch creates? In your book, the former. In my book, the latter.Quote -... and this is always only going to personally affect a tiny amount of users
The tiny amount of corporate users on Windows 2000 and XP SP1 desktops you mean? The tens, possibly hundreds of thousands? Oh, but you're not affected on your home machine so who cares.
-
(2 replies)
#5 Posted by XerXis on 23 Aug 2006 - 06:34
- and again an issue that affects an OS from 1999 and an unpatched xp sp1, what's the problem?
-
#5.1 Posted by RAID 0 on 23 Aug 2006 - 07:56
- People don't Update.. because they don't know. I still come across a "few" with out SP2.
-
#5.2 Posted by markjensen on 23 Aug 2006 - 11:10
- The "problem" is that most large corporations run with Windows 2000 desktops.
-
(1 reply)
#6 Posted by Colin-uk on 23 Aug 2006 - 08:30
- suddenly the hotfix for a hotfix isnt such a joke anymore
-
#6.1 Posted by roadwarrior on 23 Aug 2006 - 13:35
- This is the second time within a week too!
-
(2 replies)
#7 Posted by franzon on 23 Aug 2006 - 09:09
- Windows XP SP2 users are NOT affected
-
#7.1 Posted by markjensen on 23 Aug 2006 - 13:11
- Yeah, neither are Apple OSX or *nix users. Lighten up on the super-sized lettering, please, unless you feel the need to compensate for something.
The flaw, initially thought to only crash Internet Explorer, actually allows an attacker to run code on computers running Windows 2000 and Windows XP Service Pack 1 that have applied the August cumulative update to Internet Explorer 6 Service Pack 1, security firm eEye Digital Security asserted. The update, released on August 8, fixed eight security holes but also introduced a bug of its own, according to Marc Maiffret, chief hacking officer for the security firm, which notified Microsoft last week that the issue is exploitable.
By the following day, network administrators and users began complaining that the update, MS06-042 , caused Internet Explorer to crash when browsing some sites. Three days later, security researchers at eEye discovered that the issue could be used to not just crash the browser, but to compromise PCs running Windows XP SP1 and Windows 2000. Other security researchers have also reported the issue to Microsoft, Maiffret said.
"This information is definitely out in the underground," Maiffret said. "Because of all the discussions on security mailing lists, they know that this is a bug. Any half-decent researcher knows that this is an exploitable bug."