Linked by Thom Holwerda on Wed 9th May 2007 10:15 UTC, submitted by anonymous
Microsoft has released patches for 19 vulnerabilities, 14 of which are critical, hitting at holes in Excel, Word, Office, Exchange, Internet Explorer, cryptographic technology and the whopper of them all, the zero-day vulnerability in the DNS Server's use of RPC. The DNS remote code execution vulnerability affects server-grade operating systems, including Windows 2000 and Windows Server 2003, and only those that have the DNS service enabled, such as Domain Controller, DNS Server or Microsoft Small Business Server configurations.
Thread beginning with comment 238910
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[4]: It´s really funny
by dylansmrjones on Wed 9th May 2007 20:24
in reply to "RE[3]: It´s really funny"
Member since:2005-10-02
A market share of approx. 2-5% (depending on source) is not exactly tiny. We are talking many millions of users. OS X is being targeted and so is Linux. These attacks are just less succesful - so is spyware and malware targeted against Vista.
OTOH, I don't know how much fighting spyware and malware will help. The weakest point in the chain is the end user.
Member since:2005-07-06
A market share of approx. 2-5% (depending on source) is not exactly tiny. We are talking many millions of users. OS X is being targeted and so is Linux. These attacks are just less succesful - so is spyware and malware targeted against Vista.
You are correct, but more correctly, the reason why many don't take open source software (and some cases, proprietary software from non-Microsoft vendors) is because the window between the release of the vulnerability information and the patch is very small.
For a exploit to be successful, there needs to be a sufficiently big enough window as to allow exploit writers to write their malware and deploy it within a quick enough time.
The problem is that open source projects tend to get their vulnerabilities fixed, in some cases, within hours of the vulnerability being made known, with compiled packages made available through distributions within 24 hours.
It isn't the fact that there are vulnerabilities in windows, but the fact that there is a massive delay between the knowledge and patch being made available - the DNS vulnerability has been known for a month, an exploit was made available, and yet, there is this slow, slovenly attitude when it comes to getting fixes out in a timely manner.
Member since:2006-01-06
Member since:
2006-01-06
Yeah, its 14 years and counting for me with no anti-virus on my Mac. I'm sure that there have been plenty of vulnerabilities since MacOS 7 but it hasn't caused me any heartache.
No surprise. Nobody targets operating systems that are used by a tiny fragment of the computing population.