Microsoft Patches Seven Vulnerabilities

Submitted by LogError on 2006-07-12, filed under Microsoft

“Microsoft alerted us this time about seven vulnerabilities of which five were rated critical and two important. There are vulnerabilities in the Server service, the DHCP Client service, Excel and Office that could allow remote code execution.”

About the author: Thom Holwerda

23 Comments

2006-07-12 2:17 pm Flatline
The latest installment in the endless patch cycle. No matter what system you use, it seems like there is constant patching involved. Of course, I’d *rather* have them giving out the patches…it means they are actually fixing bugs and closing security holes; the alternative wouldn’t be pretty.

2006-07-12 7:09 pm raver31
> No matter what system you use, it seems like there is constant patching involved.
Tell that to the millions of Win98 and WinME users out there.

2006-07-12 7:36 pm CPUGuy
Care to point me to a Linux vendor that supports their OS for as long as Win98 and ME have been around?

2006-07-12 8:40 pm situation
Slackware? It has had security patches since its birth, which was before Win98. “omg that doesn’t count!!! I meant Red Hat and professional support!!11!!1”

2006-07-12 9:06 pm Ronald Vos
> Slackware? It has had security patches since its birth, which was before Win98. “omg that doesn’t count!!! I meant Red Hat and professional support!!11!!1”
Didn’t Red Hat backport a lot of patches to the 2.4 kernel even?

2006-07-12 8:41 pm joelito_pr
That’s the beauty of it, that you don’t need to rely on the vendor to get your system secured.

2006-07-12 9:04 pm Moulinneuf
All of them! GNU/Linux is one OS, with many vendors and supporters. Windows 98 stopped being supported in 2000; Microsoft patched it until July 2006. Windows ME never was really supported, I pity the fool who got to buy it; it got patched until July 2006.
If you got the money and want older versions upgraded and patched, there are vendors who can do the job for you, but you are better served by the latest offerings.

2006-07-12 8:49 pm Flatline
OK…I’ll amend it: no matter what (supported) system you use, it seems like there is constant patching involved.

2006-07-12 6:30 pm Jed
… there’ll be 7 more vulnerabilities to pop up.

2006-07-12 7:11 pm jcinacio
I really can’t see the point of this so-called news. MS has been patching vulnerabilities for years, and it looks as if it will continue to do so for some more. Now, it’s time for me to update my Linux system…

2006-07-12 6:52 pm SEJeff
Seriously guys, stop bashing Microsoft. They are *really* trying to make Vista a secure product. If they weren’t, they wouldn’t be demoing its security features at real hacker conventions. Let them release it and then flood them with angry comments once holes are found in their new security features. A good example would be ASLR: http://www.tuxedo-es.org/blog/2006/07/06/vista-probe-02-release/
Microsoft is trying to catch up (security-wise) to where Linux was about 3-5 years ago. Let them try and if they do a miserable job, you will know as you see reports of worms ravaging the net. Note I am writing this from an Ubuntu desktop at work as a Unix/Linux systems admin…

2006-07-12 7:00 pm Flatline
I wasn’t bashing them at all. Like I said, I’d rather see them patching than not. And yes, they’ll still have holes in Vista…every OS has holes (though OpenBSD has done a pretty darn good job making their system secure).

2006-07-12 7:37 pm mkools
Yeah, OpenBSD is secure, but only the ‘default install’ is. What can you do with the default install? Run a Web/Mailserver? If I install a Windows box and strip all crap with nlite and only install sendmail and apache on it, it is as much secure as OpenBSD is.

2006-07-13 6:54 pm SEJeff
> If I install a Windows box and strip all crap with nlite and only install sendmail and apache on it, it is as much secure as OpenBSD is.
ASLR, PIE, W^X, SSP, TCP Window Randomization, swap encryption, etc… Those are all proactive security features that go into OpenBSD. They come at the price of making it run more slowly and more difficult to use but increase security. Microsoft uses the reactive approach to security and would not even compare to OpenBSD in your scenario. If you really don’t understand something, please don’t speak like you do.

2006-07-12 7:32 pm
Where Linux was? Don’t make me show you a vulnerability listing of the Linux kernel dating back 3-5 years … And the kernel is just one part of a full-out GNU/Linux system.

2006-07-12 8:55 pm Moulinneuf
A vulnerability listing is not the same as in-use vulnerabilities; more people looking at the code means more vulnerabilities are found and tests done on it.

2006-07-13 7:06 pm SEJeff
Actually, more people looking at the code means code needs to be written to a higher standard before it is released. It also means that bugs are likely to be fixed much more quickly than with a proprietary solution. http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/st…

2006-07-12 9:56 pm umccullough
And as I read that, memories of the childhood story came back… Yeah I know, horrible.

2006-07-12 10:00 pm tomcat
News at 11… *yawn*

2006-07-13 12:09 am cyclops
I’m surprised by the apathy to these patches. I’m amazed that anyone would say look at Vista and say “don’t be mean” they are really trying with security. Having looked at the profit Microsoft make each year, and their control of the OS market, number of employees etc., security is generally not good enough, and pointing to the next OS and saying that’s the silver bullet is nonsense. It’s not out till at least 2007. The reality is that any comparison that can be drawn to Linux or even OS X should be an embarrassment to Microsoft.
The reality is the article in question contains nothing other than Microsoft fixed some serious vulnerabilities, and they damn well should. It’s not a good indication of how effective they are at finding, fixing, or even quality of code, but then again judging by the comments here who would care.

2006-07-13 6:14 am dillee1
Any TEXT description of what those vulnerabilities really are?

2006-07-13 3:21 pm slashQuack
Ahem. These updates include an undocumented, secret method of snooping your hard disk to obtain a list of MS and/or other installed software so that MS can shove its asset management software down your throat, force an enterprise agreement upon you, rape and pillage your company’s bankroll, offer poorly coded products with endless patching and security updates and last but not least, fund the Bill and Melinda Gates foundation in order to further suppress Linux in developing countries. Did I miss anything?
< and yes, I’m being facetious… >
Edited 2006-07-13 15:22

2006-07-13 3:14 pm slashQuack
Oh, I am so glad that I actually test these patches before pushing them out. My XP desktop is now utterly useless. Start Menu and taskbar no longer work, can’t connect to network resources, etc. etc. None of the articles on MS or Google corrected the problem. System Restore is useless too. Good luck fellas.