Microsoft patches 23 security flaws (Here we go again)

Electronic News.Net ^ | August 9, 2006 | Ciara O'Brien

[Zakeet]

Microsoft, on Tuesday, issued yet another bumper crop of security updates to fix over 20 flaws in its software, its biggest update since it began the regular bulletins.

The 12 updates fix a staggering 23 flaws in Windows software, with 15 of them rated as critical, Microsoft's most severe rating. One of the 15 critical vulnerabilities has been tagged as a possible worm candidate; anonymous users can exploit the Service Server vulnerability remotely, regardless of the operating system.

Three of the flaws were discovered in Office products, including Powerpoint, while 20 were present in the Windows system. Mac users also need to beware, as the Powerpoint vulnerability can affect their systems.

Industry experts said that although 11 of the flaws were already known, the remaining 12 were discovered by Microsoft.

"This month 11 patched vulnerabilities were already public or were already exploited in-the-wild prior to [Tuesday's] announcements. Among them is the vulnerability in Powerpoint that was exploited in targeted attacks in mid-July," said security firm McAfee in a post on its Avert Labs blog.

This is the third month in a row that Microsoft has issued a large number of security patches for its software. In fact, according to McAfee, Microsoft has already dealt with more vulnerabilities this year than in 2004 and 2005 combined.

[Zakeet]

This is actually good news according to Microsoft spin.

According to their spokesman, "rather than an indictment of the security of Microsoft's software ... this may actually be a positive sign, with Microsoft reacting to the flaws more rapidly. ... Microsoft is not the worst [because} Oracle only issues patches quarterly."

[Skooz]

I updated mine this morning.

No big deal.

[kinoxi]

In other news, Apple still ignores freebsd vulnerabilities but no one cares.

[Cheburashka]

Thank God they stopped supporting Windows 98 last month.

Now they have more manpower to fix the holes in Windows 2000 and XP.

[RFC_Gal]

Which FreeBSD vulnerabilities has Apple ignored?

[kinoxi]

FreeBSD
Name one that Apple has patched.

[RFC_Gal]

That isn't the way these things work.

You made a statement that you know need to support. All I am asking is that you provide proof of your statement which should not be a hard thing for you to do.

[holymoly]

Thank God they stopped supporting Windows 98 last month.

Now they have more manpower to fix the holes in Windows 2000 and XP.

While XP needs all the help it can get, I doubt support of Win98/ME was taking much manpower.

Anyone can visit Windows 98 Downloads, and count the number of "critical" updates. I think I counted 22, dating back to 1999.

At least one, the "Windows IDE Hard Drive Cache Package", while perhaps being "critical", doesn't actually have anything to do with security.

[RFC_Gal]

know shoud be now.

sorry about that.

[kinoxi]

Mac expo 2005 was hosted on Windows 2003 servers. Haven't checked on '06 yet. Maybe Apple trusts their software this year. I do not know.

[dennisw]

M$ likes these flaws and vulnerabilities. This makes the lemmings "migrate" over to Vista

[RFC_Gal]

That has nothing to do with your original statement.

What FreeBSD holes hasn't apple patched? You said they exist so name them.

[kinoxi]

I am supposed to waste my time cataloging FreeBSD exploits for you? You are online, there are multiple sites to satiate your curiosity. Secunia seems impartial enough.

[RFC_Gal]

You made a claim - now you refuse to back it up. Perhaps you didn't know what you are talking about and are now trying to cloud the issue?

BTW FreeBSD is used for the Unix/POSIX userspace while a version of Mach is used for the kernel.

[kinoxi]

I don't post vulnerabilities.
I try to avoid posting insults.
FreeBSD vulnerabilities exist in your preferred OS.
The exact number is unknown.
The Ipod craze will most assuredly educate the general populace on Mac weaknesses.

[RFC_Gal]

Seeing as how my prefered desktop OS is Ubuntu Linux I would love for you to list one FreeBSD vulnerability in it.

FYI - I don't really care for the ipod, I think they are overpriced and I do not care for the interface.

See what happens when you make assumptions?

[kinoxi]

I put the A$$ in assumptions.
FreeBSD vulnerabilities are numerous. Can I ask why you're defending Mac OS?

[RFC_Gal]

Not defending macos. I just don't like people posting random unsupported things in tech or science threads.

[kinoxi]

There is ample information. One thing I like about freeware.
Name one FreeBSD patch issued by Apple.

[PeteB570]

No more Windows 98???????

What am I going to do now? Had this critter for 7 years and it's just starting to get broke in.

Shuuuuewwww, I'm still learning how to use all the new features I have now instead of that old 95 series.

[r9etb]

Just to truncate your tennis match with RFC_Gal, might I recommend that you post a link to a site that lays out the exploits in detail?

[kinoxi]

No.
If I knew how to break into your model of car should I post it?
FreeBSD vulnerabilities are too numerous.
Enjoy.

[r9etb]

I'd point out that you're making large claims, and then failing to substantiate them. You claim the information is out there ... well, give us the link. Or do you think there are hackers out there looking to FR for their hints?

[kinoxi]

I do indeed apologize for offending you.
Apple does not support FreeBSD. They charge for it though.
Secunia has (www.secunia.com) a list of some vulnerabilities.
What large claims am I making?

[r9etb]

What large claims am I making?

The ones about there being a raft of vulnerabilities in FreeBSD....?

[kinoxi]

I do not know what a 'raft' constitutes.

[RFC_Gal]

I will type this slowly.

The base operating system kernel in OSX is a mach variant which isn't based on freebsd. freebsd is used mostly for userspace and as an interface to the mach kernel.

[kinoxi]

Stealing freeware and charging for it should bother a Linux user.

[RFC_Gal]

The BSD license permits such use. If the copyright owners don't have a problem with it why should I?

[kinoxi]

So, do you prefer a linux variant or a UNIX variant?

[RFC_Gal]

Please explan what you mean by linux or unix variant.

[kinoxi]

If it pleases you I would request that this be taken private for the time being.
I love a good argument.
:)

[RFC_Gal]

No.

You refuse to support the points you made in public so why should I bother to discuse in privite with someone who appears to be making things up as they go along?

[kinoxi]

I do not post vulnerabilities in an open forum. Your implication that FreeBSD is secure is a lie.

[RFC_Gal]

To: r9etb I do indeed apologize for offending you. Apple does not support FreeBSD. They charge for it though. Secunia has (www.secunia.com) a list of some vulnerabilities. What large claims am I making? 24 posted on 08/09/2006 2:57:48 PM PDT by kinoxi

[kinoxi]

Quite a nerve I hit with you...
:)

[RFC_Gal]

Not really. I just don't like those that act like experts on a topic they know next to nothing about.

[kinoxi]

Good point.
Name ONE FreeBSD patch ever issued by Apple.
Good night.

[Tribune7]

I was pushed to give up Macs for PCs a few months ago. I was tempted but I didn't give in.

Thank You, God.

[1FASTGLOCK45]

Do you have a newer Mac?

I have a PC and just redid a fresh installation. All my updates and Win XP Pro takes close to 4 gigs alone.
It's beginning to drive me crazy that MS comes up with another gigs worth of patches every few months and i'm thinking of trying something different. The only problem is if i goto MAC i won't be able to run all my windows programs. :(
I might seek professional help when i get my next system and get Linux instead of windows.

[1FASTGLOCK45]

Skooz wrote:

I updated mine this morning.


---How many Megabytes was your update?
I'll have to update later this evening.

[Cheburashka]

While XP needs all the help it can get, I doubt support of Win98/ME was taking much manpower.
---
Um, I think that was my point.

[Cheburashka]

No more Windows 98???????

What am I going to do now? Had this critter for 7 years and it's just starting to get broke in.

Shuuuuewwww, I'm still learning how to use all the new features I have now instead of that old 95 series.
---
I understand they have come up with even more exciting features, like computers that actually turn themselves off when you hit "shut down", instead of of just telling you it's now safe to turn off your computer, and making you do the actual work.

It's a wonderful thing, like when I discovered that Windows actually has a calculator built in.

No more taking off my shoes to count above ten.

[holymoly]

Um, I think that was my point.

Yup, that's what I figured.

But with all the FUD being spread about Win9x/ME the last few months, I made my post on the off chance someone might actually take you seriously.

Take this statement, for example:

"We recommend that customers who are still running Windows 98 or Windows Me upgrade to a newer, more secure Microsoft operating system, such as Windows XP"

It's hard to tell if Microsoft is joking, or not. Still, it had me rolling on the floor.

[wattojawa]

Microsoft must be joking when they say that as many computers running windows 98 or ME don't meet the minimum hard where requirements of windows xp though they could probably run windows 2000.

[Centurion2000]

Be advised that the MS06-040 vulnerability has a public exploit available now through MetaSploit.

Considering that EVERY server and workstation runs the server service by default, every system is vulnerable to this exploit.

MS and some others are saying this has the potential to be a Blaster or possibly a Nimda level of exploit/virus.