Linked by Thom Holwerda on Wed 9th May 2007 10:15 UTC, submitted by anonymous
Thread beginning with comment 238917
A market share of approx. 2-5% (depending on source) is not exactly tiny. We are talking many millions of users. OS X is being targeted and so is Linux. These attacks are just less successful - so is spyware and malware targeted against Vista.
You are correct, but more correctly, the reason why many don't take open source software (and in some cases, proprietary software from non-Microsoft vendors) is because the window between the release of the vulnerability information and the patch is very small.
For an exploit to be successful, there needs to be a sufficiently big enough window as to allow exploit writers to write their malware and deploy it within a quick enough time.
The problem is that open source projects tend to get their vulnerabilities fixed, in some cases, within hours of the vulnerability being made known, with compiled packages made available through distributions within 24 hours.
It isn't the fact that there are vulnerabilities in Windows, but the fact that there is a massive delay between the knowledge and patch being made available - the DNS vulnerability has been known for a month, an exploit was made available, and yet, there is this slow, slovenly attitude when it comes to getting fixes out in a timely manner.
You are correct, but more correctly, the reason why many don't take open source software (and in some cases, proprietary software from non-Microsoft vendors) is because the window between the release of the vulnerability information and the patch is very small.
First, I'm sure you don't mean to include Apple when you say "non-Microsoft vendors" because their track record on average discovery to patch time compares with Microsoft's pretty closely.
Second, patch availability doesn't equate to patch installation on an end-user's box. Shortening the cycle time merely increases the number of patches; it doesn't mean that the software you're using is "more secure".
RE[6]: It's really funny
by stestagg on Wed 9th May 2007 22:07
in reply to "RE[5]: It's really funny"
RE[6]: It's really funny
by dylansmrjones on Wed 9th May 2007 22:20
in reply to "RE[5]: It's really funny"






A market share of approx. 2-5% (depending on source) is not exactly tiny. We are talking many millions of users. OS X is being targeted and so is Linux. These attacks are just less successful - so is spyware and malware targeted against Vista.
OTOH, I don't know how much fighting spyware and malware will help. The weakest point in the chain is the end user.