Microsoft Patches Seven Vulnerabilities

Submitted by LogError 2006-07-12 Microsoft 23 Comments

“Microsoft alerted us this time about seven vulnerabilities of which five were rated critical and two important. There are vulnerabilities in the Server service, the DHCP Client service, Excel and Office that could allow remote code execution.”

About The Author: Thom Holwerda

2006-07-12 2:17 pm Flatline
The latest installment in the endless patch cycle. No matter what system you use, it seems like there is constant patching involved. Of course, I’d *rather* have them giving out the patches…it means they are actually fixing bugs and closing security holes; the alternative wouldn’t be pretty.

2006-07-12 7:09 pm raver31
> No matter what system you use, it seems like there is constant patching involved.
Tell that to the millions of Win98 and WinME users out there

2006-07-12 7:36 pm CPUGuy
Care to point me to a Linux vendor that supports their OS for as long as Win98 and ME have been around?

2006-07-12 8:40 pm situation
Slackware? It has had security patches since its birth, which was before Win98.
“omg that doesn’t count!!! I meant Red Hat and professional support!!11!!1”

2006-07-12 9:06 pm Ronald Vos
> Slackware? It has had security patches since its birth, which was before Win98.
> “omg that doesn’t count!!! I meant Red Hat and professional support!!11!!1”
Didn’t Redhat backport a lot of patches to the 2.4 kernel even?

2006-07-12 8:41 pm joelito_pr
That’s the beauty of it, that you don’t need to rely on the vendor to get your system secured.

2006-07-12 9:04 pm Moulinneuf
All of them!
GNU/Linux is one OS, with many vendors and supporters.
Windows 98 stopped being supported in 2000, Microsoft patched it until July 2006.
Windows ME never was really supported, I pity the fool who got to buy it, it got patched until July 2006.
If you got the money and want older versions upgraded and patched, there are vendors who can do the job for you, but you are better served by the latest offerings.

2006-07-12 8:49 pm Flatline
OK…I’ll amend it: no matter what (supported) system you use, it seems like there is constant patching involved.

2006-07-12 6:30 pm Jedd
… there’ll be 7 more vulnerabilities to pop up.

2006-07-12 7:11 pm jcinacio
I really can’t see the point on these so-called news. MS has been patching vulnerabilities for years, and it looks as it will continue to do so for some more.
Now, it’s time for me to update my Linux system…

2006-07-12 6:52 pm SEJeff
Seriously guys, stop bashing Microsoft. They are *really* trying to make Vista a secure product. If they weren’t, they wouldn’t be demoing its security features at real hacker conventions. Let them release it and then flood them with angry comments once holes are found in their new security features. A good example would be ASLR:
http://www.tuxedo-es.org/blog/2006/07/06/vista-probe-02-release/
Microsoft is trying to catch up (security wise) where Linux was about 3-5 years ago. Let them try and if they do a miserable job, you will know as you see reports of worms ravaging the net.
Note I am writing this from an Ubuntu desktop at work as a Unix/Linux systems admin…

2006-07-12 7:00 pm Flatline
I wasn’t bashing them at all. Like I said, I’d rather see them patching than not. And yes, they’ll still have holes in Vista…every OS has holes (though OpenBSD has done a pretty darn good job making their system secure).

2006-07-12 7:37 pm mkools
Yeah OpenBSD is secure, but only the ‘default install’ is, what can you do with the default install?
Run a Web/Mailserver?
If I install a Windows box and strip all crap with nlite and only install sendmail and apache on it it is as much secure as OpenBSD is.

2006-07-13 6:54 pm SEJeff
> If I install a Windows box and strip all crap with nlite and only install sendmail and apache on it it is as much secure as OpenBSD is.
ASLR, PIE, W^X, SSP, TCP Window Randomization, swap encryption, etc… Those are all proactive security features that go into OpenBSD. They come at the price of making it run more slowly and more difficult to use but increase security.
Microsoft uses the reactive approach to security and would not even compare to OpenBSD in your scenario. If you really don’t understand something, please don’t speak like you do.

2006-07-12 7:32 pm Tom K
Where Linux was?
Don’t make me show you a vulnerability listing of the Linux kernel dating back 3-5 years … And the kernel is just one part of a full-out GNU/Linux system.

2006-07-12 8:55 pm Moulinneuf
Vulnerability listing is not the same as in-use vulnerabilities, more people looking at the code means more vulnerabilities are found and tests done on it.

2006-07-13 7:06 pm SEJeff
Actually, more people looking at the code means code needs to be written to a higher standard before it is released. It also means that bugs are likely to be fixed much more quickly than with a proprietary solution.
http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/st…

2006-07-12 9:56 pm umccullough
And as I read that, memories of the childhood story came back…
Yeah I know, horrible.

2006-07-12 10:00 pm tomcat
News at 11…
*yawn*

2006-07-13 12:09 am cyclops
I’m surprised by the apathy to these patches.
I’m amazed that anyone would look at Vista and say “don’t be mean” they are really trying with security.
Having looked at the profit Microsoft make each year, and their control of the OS market; number of employees etc, security is generally not good enough, and pointing to the next OS and saying that’s the silver bullet is nonsense. It’s not out till at least 2007.
The reality is that any comparison that can be drawn to Linux or even OS X should be an embarrassment to Microsoft.
The reality is the article in question contains nothing other than Microsoft fixed some serious vulnerabilities, and they damn well should.
It’s not a good indication of how effective they are at finding, fixing, or even quality of code, but then again judging by the comments here who would care.

2006-07-13 6:14 am dillee1
Any TEXT description about what those vulnerabilities really are?

2006-07-13 3:21 pm slashQuack
ahem,
These updates include an undocumented, secret method of snooping your hard disk to obtain list of MS and/or other installed software so that MS can shove its asset management software down your throat, force an enterprise agreement upon you, rape and pillage your company’s bankroll, offer poorly coded products with endless patching and security updates and last but not least, fund the Bill and Melinda Gates foundation in order to further suppress Linux in developing countries.
Did I miss anything?
< and yes, I’m being facetious… >
Edited 2006-07-13 15:22

2006-07-13 3:14 pm slashQuack
Oh, I am so glad that I actually test these patches before pushing them out. My XP desktop is now utterly useless. Start Menu and taskbar no longer work, can’t connect to network resources, etc. etc. None of the articles on MS or Google corrected the problem. System Restore is useless too. Good luck fellas.