digg

Join DiggAbout

Discover the best of the web!
Learn more about Digg by taking the tour.

Microsoft warns of 5 "critical" security flaws

yahoo.reuters.com — Microsoft Corp. on Tuesday warned of five "critical" security flaws in its Windows operating system and Office software that could allow attackers to take control of a computer.

Bury
show profanity settings
expand all
  • lagnut, on 10/12/2007, -16/+4Finally a reason to uninstall VNC.
    • ePlus, on 10/12/2007, -9/+25lol. And why is this news? Every month there are new "critical" security flaws.
    • bdmbdm, on 10/12/2007, -8/+17Another reason to uninstall XP.

      But seriously, we see these stories every month and they barely get fixed. And when it is time to get a critical update, they install this WGA ***** on our computers? How the ***** am I suppose to trust Microsoft and pay an arm and a leg for Vista?
    • Agret, on 10/12/2007, -3/+6Wrong post? This article has nothing to do with VNC....
  • Kahnza, on 10/12/2007, -17/+11Its a never ending flow of bugs and flaws. When is Microsoft going to finally bleed out and die?
    • labmouse42, on 10/12/2007, -8/+3Hopefully just after Gates donates 95% of his money (mostly in M$ stock) to the Gates Foundation
  • GS13, on 10/12/2007, -10/+16Hehe, ah the joys of windows!
  • antiktoo, on 10/12/2007, -16/+8Windows is best tool for spying known to mankind. That's why U.S. of America is licking Gates balls and do nothing to stop releasing ***** Microsoft products.
  • MrEcho, on 10/12/2007, -3/+19When was the last time a security flaw wasnt "critical" for Microsoft?
  • techpimp, on 10/12/2007, -10/+13*sigh* Yet another conspiracy. Microsoft ended their support for windows 98 and then a day later says there are security flaws. It must be nice to be microsoft!
    • pt4117, on 10/12/2007, -0/+3Yes, because Microsoft never releases security updates on the second tuesday of a month.
      /sarcasm
  • Kemo, on 10/12/2007, -15/+9Utopia = A Microsoft free world! And then I woke up! :o(
    • CBTF, on 10/12/2007, -20/+11Sorry macboy, the world has larger problems than MS.
    • shmatt, on 10/12/2007, -9/+11Sorry dickhead, but you dont know what he runs.
  • CrazyZ, on 10/12/2007, -11/+24SIGH,

    Yep nobody else comes out with patches and updates.

    Marked as lame. Sick of it. Slashdot sucks, Geek.com REALLY sucks, and Digg is becoming just as bad.

    All these sites need to just be renamed to "FanboysRUs" as every single article submitted just turns into a bash fest.
    • mrwiggly, on 10/12/2007, -7/+5Digg's already there. Seems that pretty much since version 3, we now just get the lowest common denominator of news and the associated flames and boring comments. Witness the number of 'hilarious' video clips that now dominate the listings. Oh and be sure to finish every headline with a couple of exclamation marks, and include a superlative as standard.

      And I used to think that no editorial policy was a great idea... How wrong...
    • neko, on 10/12/2007, -2/+8True. I'm sick of zero-day exploits and worms gaining access via default system services, but you can't blame them for releasing patches and warning about vulnerabilities. Every OS does that.
    • jmbillings, on 10/12/2007, -7/+4Yup,
      I stopped looing at slashdot some time ago because pretty much every post turned into "you should use linux".
      I have linux installed but rarely use it as a) I develop and support Windows software and b) software I use for "hobby-time" is Windows based.
      Linux won't deal with my wireless network card either, at least not without some faffing around recompiling things and god knows what else. I *get* Linux is more secure but so what? My Windows box has never been attacked either because I simply don't let it get in a position where it could be. Once the Linux user base increases to a big proportion all the hackers and virus writers out there will turn their attentions to it and you WILL start to see attacks requiring patches. Anyone who says that's impossible is living in a dreamworld.
    • BobTurbo, on 10/12/2007, -7/+4Every public site that I know of is 99% FUD/Fanboys in terms of viewer comments/posts/content. These people should just form their own club where they can feel special. Maybe calling it "The Retard Club". They can talk about how you will never get malware when using Firefox, how Bill Gates is an evil dictator wanting to destroy the world, how everything should be open source "cause there are a million eyes n that", how capitalism is the root of all problems, how every product apart from the one that is popular is the best, how their OS is so much more secure then Windows, how they have 600 applications you haven't heard of that perform elite tasks, etc etc. Or maybe some of them should just get a job and help society out instead perpetrating myths and misunderstanding to justify their beliefs and situation or feel like they are part of a special group.
  • upfrontfanatic, on 10/12/2007, -3/+20Would it be OK to bury this story as a duplicate?

    I mean Microsoft DO release patches at regular intervals. What's the news here?
  • CBTF, on 10/12/2007, -7/+9Yup.. just another cheap shot for the macboys/linux geeks to make a jab at windows.. nothing new.
  • DarkPenguin, on 10/12/2007, -10/+8**adds to infinite list o' reasons as to why a person should switch to linux**
    • mcnugget, on 10/12/2007, -5/+5Exibit A, CBTF. Don't worry, more to come.
      Damn fanboys. post some real news.
      We already know you love your OS's, stop turning digg into one of those "My OS is better than yours!" communities.
  • eclectro, on 10/12/2007, -8/+5Hoplessness, Despair, Microsoft.

    Choose any two.
  • SpacemanSpiff, on 10/12/2007, -6/+7At least they're proactive in finding and fixing the flaws.
    • skoles, on 10/12/2007, -3/+7Yea, but nothing like letting them fester in the wild till next month's patch.

      With the rate Windows exploits are discovered I think it was completely retarded for them to do the one patch a month deal.
    • carpespasm, on 10/12/2007, -1/+2yeah, if you have the patch finished now, why wait 30 days to release it?
    • BobTurbo, on 10/12/2007, -0/+1Here are some reasons for you:

      - They have thousands of applications, and millions of people who depend on Windows. Therefore, it is important that they quality test their patches thoroughly. What Microsoft would not want, is to be releasing patches that cause applications to run on Windows, or Windows itself, to break. This will mean people will be less likely to install the patches for one thing.

      - Fixing bugs also has the potential to introduce more bugs. Therefore the fixes themselves have to be thoroughly tested and analysed to make sure they are not just creating a new vulnerability. Windows is supposedly rather overly-complex underneath, so they have to trace all of the dependencies to see what effect a patch has on the system. I think Microsoft are working on making the Windows codebase less complex.

      - These flaws didn't suddenly just exist when the vulnerability was announced to the public. They would have been around for any length of time, up to years. In most cases, the vulnerabilities are not disclosed to the public, so it is only the security companies, or Microsoft, or whoever discovered the bug, that knows about the important details needed to understand and exploit the vulnerability.

      - Risk has to be taken into consideration. If this vulnerability is already being used, but in a very limited way, and a limited number of people are being infected, it is not urgent to rush out a patch that could be of inferior quality, or break applications. Take into consideration that the vulnerability could have been know to the attackers for years before Microsoft were alerted. What are a couple more weeks? When a working, critical exploit is made known on a public website for all to see and use, then Microsoft will say "ok this is serious" and release something out of the monthly cycle.

      - More frequent patch cycles means more rebooting for administrators etc and affects productivity. Many administrators do not want to have to get some early patch for something that can be easily mitigated in other ways. For example, with the wmf flaw, administrators could simply prevent users from opening WMF files until the patch was released.

      - Also compare Windows to Linux distros, or OS X in terms of patch responsiveness and you might be suprised to see the result.

      Most importantly, security is about risk management. I hate to tell you, but if you are using any common consumer OS, it is not secure. So don't expect that more frequent updates will make your OS 100% secure.

      I hope this gives you some insight into why there are monthly cycles.
  • kwaigg, on 10/12/2007, -5/+6Isn't this a repost from about a month ago? ...

    lol
  • Zippo, on 10/12/2007, -3/+12Security flaws with Windows? I believe they're called "network drivers"
    As long as a Windows box is online, it's insecure.
  • DavidMA, on 10/12/2007, -3/+4honeypot for morons
  • punkrockxtian, on 10/12/2007, -6/+1haha! you probably wouldn't see something like this coming from Apple. I mean since microsoft literally dominates, they dont really need to worry about attracting new customers. If Apple did release patches for security flaws it would probably masked as a feature upgrade or something.
  • warmcat, on 10/12/2007, -4/+3Ha ha love the comments about OMG everywhere I go people are saying MSFT suck and to use Linux, "how boring". You guys are on the rollercoaster:

    http://changingminds.org/disciplines/change_management/kubler_ross/kubler_ross.htm

    1. Stability
    2. Immobilization
    3. Denial
    • BobTurbo, on 10/12/2007, -3/+0Must be a really long rollercoaster ride.
  • bonzooznob, on 10/12/2007, -2/+6What is most anoying, is EVERY one of these updates, tries to reset my email application to Outlook!

    Not the kind of tactic a company like MS needs to be doing to get thier PR record fixed.
    • carpespasm, on 10/12/2007, -0/+1that's not a bug, it's a feature. just like any time you update anything to do with exploits related to media player, you have to reboot so it can jack with your defaults and set them all to WMP. reminds me of why i'm on ubuntu ^__^
  • shmatt, on 10/12/2007, -4/+3all you bitchin' that this is just so people can bash MS, sorry, wrong.

    this is why MS sucks. why don't you try something else? stop being zealots and pull your head out of the sand.
    • BobTurbo, on 10/12/2007, -2/+3MS suck because they patch vulernabilities? You tell em!

      You do realise that other OS's such as Linux have similar numbers of reported vulnerabilities don't you? And that Microsoft patch just as fast or faster than the other OS's? Maybe you should pull your head out of the sand and get your information from sources other than internet forums where the other fanboys provide the information.
    • carpespasm, on 10/12/2007, -0/+2the only thing is, when there are exploits for other systems, they are RARELY related to the overall system, usually just a single application. and almost NEVER allow for total control of the system remotely. on the other hand windows has been time and time again proven to be insecure in allowing anything that gets through IE, WMP, or outlook through to the rest of the computer with admin privledge.

      sorry, code will have bugs, but you're supposed to design it so the bugs don't allow for total exploitation when they happen. that is microsoft's problem.
    • upfrontfanatic, on 10/12/2007, -0/+1Care to show me any of these exploits that allow full system control if run as a regular user? I'm really interested. Please, I beg you, show me one example.

      And as for my server, Windows Server 2003, I don't use IE, Outlook or Windows Media player there. I hardly ever use those on my desktop.

      So... Can you please pinpoint just -how- switching to Linux would make-my-life-so-much-better(tm) ?

      And don't tell me *nix does everything better. I have a FreeBSD box, for what *nix does well. I have a Windows server for what Windows does well.

      In short: No system is more secure than its admin is competent. Installing Linux and pretending you are safe simply because you are running Linux is stupid at best.
  • vprice509, on 10/12/2007, -3/+3The cranky, buggy, insecure nature of Microsoft products create countless IT jobs. Bill Gates pays taxes in my state. Go Bill!
  • zolookas, on 10/12/2007, -1/+2Microsoft Corp. on Tuesday warned of five "critical" security flaws in its Windows operating system and Office software that could allow attackers to take control of a computer.

    It sounds like "You can be hacked! We take no responsibility, because we waned you". Better release security fixes.
  • Ratwiz, on 10/12/2007, -1/+5If you don't like Microsoft products, don't use them. You're not forced to :|

    People always bitch and moan about Microsoft but just think about how much of an improvement XP is over all their previous products. It is very stable (No BSODs, XP file protection), improved filesystem (NTFS), has lots of decent features like System Restore, etc. If you configure it properly and use good internet security software, you shouldn't have to worry about hackers, viruses, trojans. Unless you're looking for teh warez :D.

    Microsoft isn't the devil, he he. You have free choice as well. I personally love XP, or else I wouldn't be using it. You're gonna have ***** with any OS in any case. MS product's exploits and flaws are just more blatant because 90% (figure sucked out of my head) of people are running those products.

    Also, at least look at what Bill Gates is doing with the money that he has made from MS. I don't honestly think that you can complain so hard about the fact that Microsoft is a commercial entity making profits.

    My 2 cents, please feel free to present any well-substantiated argument against it.
    • PrometheuZ, on 10/12/2007, -1/+4Most people use Windows XP, even if they don't want to admit it for whatever reason. I don't know about anyone else, but I've NEVER had security breaches using XP, even when I didn't patch my system. I haven't even used an antivirus program for at least 2yrs. Am I just lucky or are there more idiots out there than I thought?
  • Waterrat, on 10/12/2007, -0/+2Most people use Windows XP, even if they don't want to admit it for whatever reason. I don't know about anyone else, but I've NEVER had security breaches using XP, even when I didn't patch my system. I haven't even used an antivirus program for at least 2yrs. Am I just lucky or are there more idiots out there than I thought?

    Same for me...I did patch my system.
    I used Yahoo mail, Firefox and went once a week to Trend's House Call for a free scan.
    I was always careful and it paid off.
  • xst4t1kx, on 10/12/2007, -0/+1yet again?! you jest.
  •  

    Login or register to add a comment

    Create a new account or login to join in the conversation on Digg. You'll also be able to Digg stories to help promote things you like.


© Digg Inc. 2008 — Content posted by Digg users is dedicated to the public domain.
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.