Microsoft fixes serious Windows flaws

Cnet News ^ | August 9, 2005 | Joris Evers

[Panerai]

Microsoft on Tuesday issued alerts on several security flaws in Windows, the most serious of which could allow an attacker to gain control over a victim's computer.

Microsoft released six security bulletins as part of its monthly patching cycle, three of which it deems "critical." The Redmond, Wash., software gives that rating to any security issue that could allow a malicious Internet worm to spread without any action required on the part of the user.

One bulletin addresses three flaws in Internet Explorer. Of all the issues Microsoft offered fixes for Tuesday, these put users at most risk of attack, said Oliver Friedrichs, senior manager at Symantec Security Response. Two other vulnerabilities, affecting the plug-and-play feature and printing in Windows, could also spell some trouble for users, he said.

An error in the way IE, Microsoft's widely used Web browser, handles JPEG images is especially alarming, according to Symantec. An attacker could commandeer a PC by crafting a malicious image and tricking the victim to look at it on, for example, a Web site or in an HTML e-mail, Microsoft said in its MS05-038 security bulletin.

"These vulnerabilities can be leveraged by malicious Web sites to install spyware, Trojan horses, bots, or other programs on an unsuspecting user's machine," Friedrichs said.

The other two IE flaws that Microsoft now has fixes for could also allow an attacker to take control of a user's computer. One relates to how the browser handles URLs related to a feature that lets users view file folders in IE. The other deals with the ability of IE to call on other parts of Windows and is similar to a problem patched last month.

[Panerai]

Windows the OS that just keeps on giving and giving.

[MikefromOhio]

they haven't fixed crap...

bandaids on an artery come to mind...

[Boundless]

See also:

Microsoft sees 3 'critical' Windows security flaws
http://www.freerepublic.com/focus/f-news/1460039/posts

[ErnBatavia]

Windows the OS that just keeps on giving and giving.

And if it wasn't here, you'd probably be posting to yourself and Steve Jobs...and that'd be about it.

[vrwc1]

As I posted on another thread this morning, it's more appropriate to blame the hacker, not the victim.

Microsoft is doing everything they can to make their software more secure, but if there weren't so many criminals targeting Windows it wouldn't be such a problem. If Apple or Unix were the dominant platform, I guarantee you would see the same level of hacks on those platforms.

Your best bet is to use anti-spy and anti-virus software and enable Windows automatic update feature or visit the Windows Update web site every once in a while. If you do that you'll be fine. That's what I do with the 4 PCs I own, and they all have no problems.

[hipaatwo]

It won't let me update. Says I don't have an original copy of XP on my computer

[BallandPowder]

Powder..Patch..Ball FIRE!


Micro$oft isn't doing Kr*p Their IE7 won't even be available for anything besides Xp.

Use Firefox. Use Linux. Use OpenOffice. Tell M$ to take a hike.

[vrwc1]

Where did you get your OS?

[COEXERJ145]

It won't let me update. Says I don't have an original copy of XP on my computer

That means the Microsoft Authentication Software thinks you have a pirated copy of Windows XP on your machine.

[vrwc1]

Irrational anti-Microsoft jihadi mindset detected. Post ignored.

[hipaatwo]

So what do I do?

[MikefromOhio]

or just use Symantec and Mozilla and not have to worry too much...

Or just buy a MAC. When Apple comes out with the x86 Dell version, Windows days will be numbered....

[tjblair]

you can't guarantee anything, and you obviously know very little about computers, UNIX is 1000 times more secure than winnows.

[FreePaul]

Could be you have an OEM version installed when you bought your computer. If so they should update it. Otherwise you'll have to buy a copy. I suspect that a lot of the "problems" MS is coming up with now is just an excuse to get in your computer to see if you are legit.

[vrwc1]

Sorry, my 22 years experience as a software developer says you're wrong. BTW, nice made up factoid about Unix there.

[hipaatwo]

My ME crashed so my son's friend installed XP for me. It has been updating all along and now it won't do it anymore. Is my puter screwed if I don't buy a copy of XP? I do use firefox but I use IE to play computer games, it seems to work better. I use XP's firewall and an anti-virus.

[vrwc1]

My ME crashed so my son's friend installed XP for me.

Well there's your problem - your Windows XP isn't legit.

Is my puter screwed if I don't buy a copy of XP?

Yep - you need to get your own legit copy.

[COEXERJ145]

My ME crashed so my son's friend installed XP for me. It has been updating all along and now it won't do it anymore. Is my puter screwed if I don't buy a copy of XP?

Yeah, you're screwed. Microsoft just recently installed a system that ensures only legit copies can download updates to try and slow down pirating of its products.

[tjblair]

1000 times was made up, my apology.
but the ms FUD regarding the "dominant platform" is just that, FUD. there are much bigger "prizes" to be had on machines running unix and linux, i don't buy or use ms products and i don't buy ms fud(wishful thinking).

[upchuck]

Ah, the latest monthly, at least, edition of, "MicroSloth Fixes Serious Windows Flaws." Thank you for this. I've been waiting for it.

Any truth to the rumor this may become a weekly or even daily publication?