Free Republic

Microsoft warns of 22 new security flaws
CNET via ZDNet.com ^ | October 12, 2004, 12:28 PM PT | Robert Lemos

Posted on 10/12/2004 2:45:09 PM PDT by Redcloak

Microsoft on Tuesday published 10 software security advisories, warning Windows users and corporate administrators of 22 new flaws that affect the company's products.

The advisories, and patches published with the bulletins, range from an "important" flaw affecting only Microsoft Windows NT Server to a collection of eight security holes, including three rated "critical," that leave Internet Explorer open to attack. Microsoft's highest severity rating for software flaws is its "critical" ranking, while "important" is considered slightly less severe.

One flaw, in Microsoft Excel, even affects Apple Computer's Mac OS X.

The abundance of flaws could leave corporate PCs vulnerable to attack if administrators are not able to patch quickly. A similar situation occurred in April, when Microsoft published seven advisories detailing 20 flaws. While one security hole stood out among those 20--and led to the widespread Sasser worm--there are no standouts in the current gaggle of goofs.

"Our challenge is trying to guess what the criminals are going to attack," said Stephen Toulouse, security program manager for Microsoft's security response team. "The guidance we are giving in general is to treat the critical ones first."

A single computer would not be vulnerable to all the flaws, Toulouse added.

Oliver Friedrichs, senior director of Symantec's security response center, said three vulnerabilities could lead to a Sasser-like worm, but the danger is lessened by the fact that the vulnerable services are not started by default on most versions of Windows. These flaws are related to three network protocols that are not generally activated on Windows computers: Simple Mail Transfer Protocol (SMTP), Network News Transfer Protocol (NNTP), and Network Dynamic Data Exchange (NetDDE).

(Excerpt) Read more at news.zdnet.com ...


TOPICS: Business/Economy; News/Current Events; Technical
KEYWORDS: exploit; getamac; hacking; internetexploiter; lookoutexpress; lowqualitycrap; microsoft; msft; patch; securityflaw; trojan; virus; viruses; windows; worm; worms
To: Poser
I have one currently unsolvable problem with my laptop and SP-2.

I have an AMD processor, (apparently 64bit) that will not run SP-2. The computer refuses to boot.

I fully updated SP-1 and installed ZA for a firewall. It seems to be doing the job.

21 posted on 10/12/2004 3:26:37 PM PDT by Cold Heat (http://ice.he.net/~freepnet/kerry/staticpages/index.php?page=20040531140357545)

To: Cold Heat

All explained here a long time ago
http://www.freerepublic.com/focus/f-news/1017846/posts#9


22 posted on 10/12/2004 3:41:49 PM PDT by Truth666

To: Cold Heat
Common sense tells you that MS products are attacked more than others because they are the dominant applications.

That's partially true. The other piece to that is that hackers will attack systems that give them a good chance to defeat.

For example, last I knew, the majority of Web Servers on the Internet run Linux and Apache. However, most of the attacks we hear about are on systems running Microsoft IIS. Common sense will tell you that the reason for that is because IIS is easier to circumvent.

I work as a developer. It is important for my software company to gain the trust of the users of our product. If we have a buggy release, this negatively impacts the trust in our software the users have. Once this happens, even if we fix all of the bugs, users will tend to believe there is a problem with our software whenever they encounter a result they didn't expect. It takes a long time before they start believing in the software again.

It is no different for Microsoft. They have the reputation of being buggy and not secure. They will have to work very hard to overcome this image.

23 posted on 10/12/2004 3:47:40 PM PDT by ProudGOP

To: Cold Heat
Common sense tells you that MS products are attacked more than others because they are the dominant applications.

Actually, common sense tells you that the more buggy the software the more bugs will be found. Anything else is wishful thinking.

The theory that the more popular a piece of software is the more it will be exploited is often put forward but has been regularly and thoroughly debunked.

Apache is the most popular web server, yet it is exploited less than Microsoft's Internet Information Server.

Sendmail is the most popular mail server, yet it is exploited less than Microsoft's Exchange Server.

Microsoft software is exploited more because it has more bugs.

24 posted on 10/12/2004 3:50:07 PM PDT by Knitebane

To: Redcloak

I installed SP-2 on 4 machines; no problems. Sounds like you had *prior internal* problems, R.


25 posted on 10/12/2004 3:51:04 PM PDT by 7.62 x 51mm (• veni • vidi • vino • visa • "I came, I saw, I drank wine, I shopped")

To: Redcloak
One flaw, in Microsoft Excel, even affects Apple Computer's Mac OS X.

Umm... NO. The flaw affects Microsoft Excel for Mac OS X.

26 posted on 10/12/2004 4:19:10 PM PDT by newzjunkey (Why are we in Iraq? Just point the whiners here: http://www.massgraves.info)

To: Poser
With an attitude like that we might as well welcome our new Democrat masters and accept the Mark of the Beast right now.

Always the imitator and charlatan, Microsoft, like rabid abortion-proponent Gates, is allied with evil and produces shoddy products, refuses to compete fairly, is nearly as skilled at propaganda as the Democrat Party.

They're morally and ethically barren from how they treat customers, to how they treat partners and innovators, to how they treat employees.

While their evil acts may have had seemingly positive incidental effects it does not justify the manner in which they've conducted business. The ends--yes, even all that pretty capital investors have stuffed their pockets with--cannot justify the means.

The unchallengeable ascension of Microsoft has harmed the industry immeasurably and stunted true innovation.

27 posted on 10/12/2004 4:31:59 PM PDT by newzjunkey (Why are we in Iraq? Just point the whiners here: http://www.massgraves.info)

To: Poser
I've been running Microsoft products on hundreds of computers for 22 years. The combination of features, price, software and security is far better than anything else on the market.

Yeah - in Haiti.

28 posted on 10/12/2004 5:24:24 PM PDT by HAL9000

To: Redcloak

Most corporations -- mine included -- will not allow installation of WinXP's Service Pack 2; it causes more problems than it fixes. All of the others are OK.


29 posted on 10/12/2004 5:26:47 PM PDT by brityank (The more I learn about the Constitution, the more I realise this Government is UNconstitutional.)

To: Knitebane
Fortunately, I do not have a clue about servers, nor do I need to.

My comment dealt with the home PC.

Everything done by hackers is to data manipulate or take over home PCs. Networks are usually well protected by excellent firewalls, but the PC hooked to it is the weakness. Get into it and plant a bot to allow access to the network and all is lost. It does not matter what kind of server you might have if the door is open.

They are then used to attack servers (as in a DOS).

As I see it, it is the PC they are after, and MS owns that market in operating systems, applications and the like worldwide. Why the hell bother attacking Macs?

BTW, most of the error messages that I get are Apache generated. That is the only reason I even know the name.

30 posted on 10/12/2004 6:29:59 PM PDT by Cold Heat (http://ice.he.net/~freepnet/kerry/staticpages/index.php?page=20040531140357545)

To: Cold Heat
I have an AMD processor, (apparently 64bit) that will not run SP-2. The computer refuses to boot.

Really? You running with Win32 or Win64? Can't imagine it would even attempt to install on Win64.

31 posted on 10/12/2004 6:44:26 PM PDT by VeniVidiVici (Got Wood?)

To: VeniVidiVici
It will load and run in safe mode, but it will not fully boot.

I suspect it has something to do with SP-2's new security that identifies certain script operations.

The 64bit AMD uses these to process or something.

I have tried some workarounds to turn that portion of SP-2 off, but I have had no success.

They apparently know about it, but there are no solid fixes that I can use effectively.

I have quit trying, as I believe I can handle security in other ways without SP-2. The repeated restore sys. and deletions screw up the drive and the op system.

32 posted on 10/12/2004 6:54:13 PM PDT by Cold Heat (http://ice.he.net/~freepnet/kerry/staticpages/index.php?page=20040531140357545)

To: Cold Heat

Hmm. I have a couple AMD64s at work. I'll have to give this a shot tomorrow and see what they do. I know at least one is running Win32, but I may have W2K3 on there instead of XP.


33 posted on 10/12/2004 7:03:57 PM PDT by VeniVidiVici (Got Wood?)

To: VeniVidiVici
I missed part of your question:

I have the standard 32 program (XP Home), but the AMD processor has to run it in 64 so it does something with code to run it.

The SP-2 sees this as malicious code and refuses so the system fails with about 6 different codes on the beginning of bootup.

I would guess they won't share their code with MS or vice versa and all the suggested workarounds seem to fail to load. The Sys Ini file won't accept the language.

DUH! That is why I gave up. The whole thing rots my brain.

34 posted on 10/12/2004 7:04:51 PM PDT by Cold Heat (http://ice.he.net/~freepnet/kerry/staticpages/index.php?page=20040531140357545)

To: Redcloak

Real simple security fix. Use two computers. One that goes online and one that does not (or rarely does if you need to do banking online).

Browse away on the first computer and then just format the hard drive every month.

The second computer, well, it is not online so you don't need to worry about it.

At a company, no computer at an employee's desk should have access to the internet through the company intranet. Instead, set up internet work stations where employees go to get what they need on the net.

That keeps them focused on getting what they need and getting off the net and back to work and it keeps the company system secure from the outside. If you have salespeople that need to access the company database, simply upload and update to a system not connected to the intranet.


35 posted on 10/12/2004 7:09:17 PM PDT by BJungNan (Stop Spam - Do NOT buy from junk email.)

To: Cold Heat

Ok. This must be what they are talking about:

http://news.com.com/Windows+update+harbors+AMD+conflict/2100-1016_3-5326707.html?tag=st_lh

MS and AMD are in pretty tight with the AMD64 line of chips. I'd be surprised if one isn't telling the other something concerning a problem like this.


36 posted on 10/12/2004 7:31:53 PM PDT by VeniVidiVici (Got Wood?)

To: BJungNan
Real simple security fix. Use two computers.

LOL! I have a much more effective and less expensive way.

37 posted on 10/12/2004 7:47:42 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: Redcloak

Here's my question. I'm still running Win2k SP2 (I'll install my Windows updates when *I* want, Mr. Gates, thank you very much), and it says that none of these only affect Win2K SP3 and SP4. Does this mean that they're ignoring SP2 or that SP2 is immune?


38 posted on 10/12/2004 7:49:34 PM PDT by Windcatcher

To: Windcatcher

...rather that they're listed as *only* affecting SP3/4...bah, can't type tonight...


39 posted on 10/12/2004 7:51:02 PM PDT by Windcatcher

To: VeniVidiVici
Yes, that is the problem I am having, but I do not have the Hollywood drivers. I will dump my other media players except for Real and Windows media and see if it has any effect.

I had not thought about video drivers for secondary progs.

It faults at the boot initiation, and that is where the vid drivers are likely to be.

The workarounds suggested in the article are the ones I tried to no avail.

It is possible that my monitor or vidcard is doing it. If it is I'm screwed on SP-2. That would be the laptop motherboard. I will start by disabling the various programs then delete them. If it is the DVD drivers, then Averatec needs to know. They also factory installed the DVD prgs.

I sent them a list of the error codes and have not heard from them yet.

40 posted on 10/12/2004 7:53:28 PM PDT by Cold Heat (http://ice.he.net/~freepnet/kerry/staticpages/index.php?page=20040531140357545)

