The Active Network
ActiveMac Anonymous | Create a User | Reviews | News | Forums | Advertise  
 

  *  

  'Critical' megapatch sews up 10 holes in IE
Time: 00:03 EST/05:03 GMT | News Source: ZDNet | Posted By: Kenneth van Surksum

Microsoft on Tuesday released a "critical" Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks.

The Redmond, Wash., software giant sent out the IE megafix as part of its monthly Patch Tuesday cycle of bulletins. In addition, Microsoft delivered two bulletins for "critical" Windows flaws, one for an "important" vulnerability in Outlook Express and one for a "moderate" bug in a component of FrontPage and SharePoint.

Write Comment
Return to News

  Displaying 1 through 25 of 348
Last | Next
  The time now is 10:46:45 AM ET.
Any comment problems? E-mail us
#1 By 12071 (203.158.34.64) at 4/12/2006 4:41:20 AM
"Eight of the 10 vulnerabilities repaired by the IE update could be abused to gain complete control over a Windows computer"
Is that a new record for IE? I wonder how many boxes were taken over in the time it took Microsoft to acknowledge the bugs and then release them as part of their standard monthly cycle!

http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx
I must say though, it's a good thing Microsoft is still releasing these 10-in-1 patches so that Parkkker can continue to play his favourite numbers game!

#2 By 15406 (216.191.227.68) at 4/12/2006 8:25:43 AM
#2: Come on now, Chris. All you've done is given him reason to spin himself into another dimension trying to justify how 10 "own your box" IE holes isn't as bad as a malformed cookie bug from a year ago in Firefox 1.0.0. Sort of like how MS claims Windows is cheaper than Linux even though it costs a ton more.

#3 By 46122 (68.237.207.21) at 4/12/2006 9:40:08 AM
That is right Latch, it cost alot more to retrain, and get new admins to use linux

#4 By 13030 (198.22.121.110) at 4/12/2006 9:48:59 AM
At some point NotParkkkker, using classic MS zealot redirection techniques, should rear his head and comment on Firefox bugs and how all Mozilla bugs are Firefox bugs and so on...

#5 By 12071 (203.158.34.64) at 4/12/2006 10:34:05 AM
And when that's not enough he'll start talking about Linux worms (because that's obviously the next thing on the list)... his example being some PHP worm that was discovered last year and fixed within 24 hours but don't let the facts get in the way of classic MS misdirection tactics!

#6 By 16797 (142.46.227.65) at 4/12/2006 11:31:12 AM
Eight of the 10 vulnerabilities repaired by the IE update could be abused to gain complete control over a Windows computer

Even if you're not using admin account?

One way or another it is still horrible track record for IE.

I know other browsers have their problems, but IE is just.. I mean is there infinite number of bugs in that thing or what?

#7 By 15406 (216.191.227.68) at 4/12/2006 12:09:08 PM
#4: Only a fool would take Windows admins and try to train them on Linux. Hire Linux admins or hire admins who know both.

#7: Geez, who isn't using an account with admin rights in Windows? Anyway, the infinite number of critical bugs in IE is only half the picture. MS' slow response to patching is the other half:

"Over the past year, Mozilla averaged about 21 days before it issued fixes for flaws in Firefox, compared with the 135 days it took for Microsoft to address problems." - Washington Post, Feb 2006.

http://www.washingtonpost.com/wp-dyn/content/article/2006/02/11/AR2006021100217.html

#8 By 16797 (142.46.227.65) at 4/12/2006 2:56:08 PM
#7: Geez, who isn't using an account with admin rights in Windows? Anyway, the infinite number of critical bugs in IE is only half the picture. MS' slow response to patching is the other half:

Practically every user on our network, here where I work, can't log on as admin. It's just our networking guys and us, developers, that can use domain/local admin accounts.

Indeed: geez... What kind of fool runs a network where regular users can log on as admins?

This post was edited by gonzo on Wednesday, April 12, 2006 at 16:06.

#9 By 15406 (216.191.227.68) at 4/12/2006 3:29:29 PM
#9: I was referring to the average joe at home. You soundlike you've got a decent net setup where the users are locked down enough to not be a menace to the network and themselves.

#10 By 3653 (63.162.177.143) at 4/12/2006 5:18:37 PM
where were you guys last week when apple released their ?100? bug fixing 65MB MEGApatch?

10.4.6 - months of bug fixes... timely delivered months after the discoveries

This post was edited by mooresa56 on Wednesday, April 12, 2006 at 17:19.

#11 By 32132 (64.180.219.241) at 4/12/2006 6:38:44 PM
21 security holes in Firefox this week alone!

http://www.mozilla.org/security/announce/2006/mfsa2006-09.html

RedHat has had 467 patches in 14 months:

https://rhn.redhat.com/errata/rhel4as-errata.html

197 security related: https://rhn.redhat.com/errata/rhel4as-errata-security.html

And many of them are more than 1 fix in a patch.

Thats a lot of patching!

This post was edited by NotParker on Saturday, April 15, 2006 at 01:39.

#12 By 16797 (70.48.107.84) at 4/12/2006 7:03:50 PM
RedHat has had 467 patches in 14 months

Yeah, but.. we do not use RH on our desktops. Not even on our servers. Do you?

And we have Windows with IE on every workstation.

Now, that, my friend, is a lot of patching.

This post was edited by gonzo on Wednesday, April 12, 2006 at 19:04.

#13 By 32132 (64.180.219.241) at 4/12/2006 7:19:16 PM
#13 "Yeah, but.. we do not use RH on our desktops. Not even on our servers. Do you?"

No. Very few people do. But it is the #1 Linux.

We use WSUS. A couple of clicks and the patches are released. Don't you use WSUS or SUS or SMS or HFnetchkpro?

#14 By 23275 (68.17.42.38) at 4/12/2006 10:49:39 PM
WSUS and ISA 2004 - cache rule, too - makes life so nice....!

#15 By 12071 (203.158.34.64) at 4/13/2006 6:21:19 AM
The smoke and mirrors attacks from Parkkker and his side kick mooresa have begun :) Isn't it nice to compare the number of patches for a single application vs. an OS with thousands of applications - all of which will not be installed by default and all with the option (read: choice) of being installed/uninstalled.

#16 By 16797 (142.46.227.65) at 4/13/2006 8:00:52 AM
We use WSUS. A couple of clicks and the patches are released. Don't you use WSUS or SUS or SMS or HFnetchkpro?

Guys here use WSUS too.

I think you missed my point: Red Hat can have 1 or 1,000 patches released in last X months, but it doesn't mean anything to us. We use Windows and we still have to patch it. I don't see how is RH Linux relevant to that.. ?

Come on, how many *huge* holes have they discovered in IE in the last 3-4 years? I can't name any other single application from MS with so many, yet so big, problems. Not even Outlook Express comes close to IE. Couldn't they have done it a bit better in first place?

Having said that, shit happens.. and I am glad they're working on it. I personally hope that Vista, indeed, will finally solve the 99% of the problems by, among other things, sandboxing IE. They should have done that long time ago, IMHO.

#17 By 3653 (63.162.177.143) at 4/13/2006 10:53:36 AM
gonzo/notparker, havent you heard? desktop linux will be mainstream in "12 to 18 months".

lmao for the ?5th? year in a row.

#18 By 32132 (64.180.219.241) at 4/13/2006 10:57:48 AM
#16 Don't be such a whiner.

There are a bunch of Firefox exploits in the RedHat list. 8 actually. Many of those are multiple exploit patches.

And a lot of the most common applications that get installed:

Linux Kernel: 7 of those of which 1 has 16 fixes, another has 40 or 50, 17, 6 , 18 etc

Wow, there must well be over 100 security issues for the kernel alone.

Sendmail
OpenSSH
KDE (lots of those)
OpenOffice
PHP
Perl
Python

etc etc



This post was edited by NotParker on Thursday, April 13, 2006 at 10:59.

#19 By 32132 (64.180.219.241) at 4/13/2006 11:34:51 AM
#17 "sandboxing IE"

Well, you can do that now using psexec or "Software Restriction Policies" ie SAFER

Psexec:

http://www.sysinternals.com/blog/2006/03/running-as-limited-user-easy-way.html

Software Restriction (SAFER) :

With Windows XP or later, you can use Software Restriction Policies to force an application to run as a limited user. You simply need to change a registry setting on the machine used to edit the policy, so that the additional levels are visible.

1. Add a new DWORD value called Levels to the following registry key, and give it a value of 0x31000:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers

2. Open the Group Policy object you want to edit, and navigate to:
Computer Configuration\Windows Settings\Security Settings\Software Restriction Policies\Additional Rules;

NB: If the Software Restriction Policies node has no entries, right-click and choose Create New Policies;

3. Right-click and choose New Path Rule...;

4. Select the path of the executable to restrict, and set the Security Level to Basic User;

You will need to refresh the group policy settings, and restart any affected applications for the changes to take effect.


http://msdn.microsoft.com/library/en-us/dncode/html/secure01182005.asp


#20 By 39852 (204.101.172.146) at 4/13/2006 11:37:04 AM
This site is odd. In all the comments section each argument, no matter what the topic it is, ends up being an argument about whether Windows or Linux is better.

The first 2 or 3 comments will maybe be on topic, and the rest is like listening to kids throwing tantrums. With pointless insults being tossed everywhere by people who claim to be only telling the truth. It's not a pleasure. It's not interesting. It's idiotic.

The news posts are either PR from MS or duplicate stories re-worded maybe with a different source. At least tack on the additional sources to the original article. Is this designed to make the site look inflated, like it has lots of news?

Plus there are popups everywhere. There is Java and Flash and stuff with sound, windows that popup when you highlight stuff. I don't know if anyone still browses with IE6 but it's a chore to browse this site with that browser.

There are less and less comments being posted each day that aren't by the same people arguing. There is less and less interesting content being posted in the News.

Just an observation.

#21 By 3653 (63.162.177.143) at 4/13/2006 1:20:25 PM
Mister - "pointless insults being tossed everywhere by people who claim to be only telling the truth"

I'm not sure how pointing our the truth is pointless. If you refute what we're saying, please proceed. If you think that someone is being dishonest, point that out too. OTHERWISE, the info is good to know... lest you be lulled to sleep by the yellow tech rags out there.

#22 By 32132 (64.180.219.241) at 4/13/2006 1:26:17 PM
#21 "ends up being an argument about whether Windows or Linux is better"

I thought the pro-Linux argument always boiled down to "free as in beer" and "zero security holes" and "well, we lied about zero, but they get fixed fast" ... not that Linux was "better".


#23 By 15406 (216.191.227.68) at 4/13/2006 1:40:05 PM
#23: Linux was never, ever promoted as having zero security problems by anyone with any standing to speak on behalf of Linux. Nothing is perfect. What it was promoted as was a free UNIX-like operating system. Over time it has matured to an enterprise-ready platform. The fact that it has less problems overall than Windows and faster patching is just icing on the cake.

#24 By 39852 (204.101.172.146) at 4/13/2006 1:52:55 PM
I don't care to refute or even reference anything anyone is saying. I don't even want to become part of the argument as it is being carried out in a way that isn't helpful or beneficial, except for inflating peoples' egos. I'm just saying day in and day out, it's all the same. People taking stuff out of context on purpose, being obtuse on purpose, making straw man arguments, talking in circles, and in the end it's the same rehashes of the same arguments. It's a brain-dead near-flamewar under almost every story. The same people participating in the same arguments achieving the same results all the time: pointlessness.

#25 By 15406 (216.191.227.68) at 4/13/2006 3:38:46 PM
#25: Perhaps we enjoy it. And who are you to ruin our fun anyway, Mr. Fun-Ruiner? Nothing brightens my day more than watching Parkkker contort himself into a knot trying to defend MS' evil and incompetence. Microsoft gives me an endless series of evil deeds and boneheaded moves to use to that end.

Write Comment
Return to News
  Displaying 1 through 25 of 348
Last | Next
  The time now is 10:46:45 AM ET.
Any comment problems? E-mail us
User name and password:

 

  *  
  *   *