| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft Warns of HP Patch Problem | |
|
||
| Time: 01:02 EST/06:02 GMT | News Source: *Linked Within Post* | Posted By: Kenneth van Surksum | ||
|
Users of Hewlett-Packard Co. printers, scanners and cameras may be experiencing some problems after installing Microsoft’s latest round of security patches, released late last week. The problems, which concern a Windows operating system patch numbered MS06-015, can cause some applications to crash, Microsoft warned Saturday. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 163 Last | Next |
The time now is
9:57:20 PM
ET.
Any comment problems? E-mail us |
| #1 By 23603 (204.19.71.2) at 4/18/2006 8:27:45 AM |
| Really intelligent comment RAID0.... |
| #2 By 29664 (38.116.145.116) at 4/18/2006 9:31:45 AM |
| Well I would count this as a serious problem. Sounds like it hits machines with devices directly attached which is minimal at my company but, we'd have a hell of a time knowing the source of the issue unless I saw this article. |
| #3 By 12071 (203.206.253.53) at 4/18/2006 11:22:32 AM |
|
I posted a link to this story in another thread... didn't realise I'd need it again so soon! Good old patch MS06-015!!
http://www.eweek.com/article2/0,1895,1949279,00.asp "Is Microsoft silently fixing security vulnerabilities and deliberately obfuscating details about patches in its monthly security bulletins? Matthew Murphy, a security researcher who has worked closely with the MSRC (Microsoft Security Response Center) in the past, is accusing the software maker of "misleading" customers by not clearly spelling out exactly what is being patched in the MS06-015 bulletin released on April 11." "In an entry posted to the SecuriTeam blog, Murphy noted that the vulnerability that is documented was privately reported, but the "variation" that was also patched has been publicly known for 700+ days." It has been long argued that Microsoft's appalling track record when it comes to releasing patches is due to them having to test so many different variations - but it doesn't seem that their testing is any better or worse than anyone elses. Perhaps, as Mr Murphy pointed out, if Microsoft provided more detailed information in their bulletins customers could have had a better idea of the risks associated with this patch - after all, clicking on File -> Open is a fairly common task! This post was edited by chris_kabuki on Tuesday, April 18, 2006 at 11:23. |
| #4 By 32132 (64.180.219.241) at 4/18/2006 11:32:08 AM |
|
#4 Secretiveness is a great topic Chris. I notice that details of most of the last 21 security holes in Firefox are being deliberately kept secret.
Do you think thats a good idea? http://secunia.com/advisories/19631 For example, this one: http://www.mozilla.org/security/announce/2006/mfsa2006-16.html Exploit code and details embargoed during the active update period. |
| #5 By 3746 (71.19.43.237) at 4/18/2006 11:34:05 AM |
| hey i though firefox was perfect like other open source software and doesn't have any security problems? |
| #6 By 32132 (64.180.219.241) at 4/18/2006 11:34:44 AM |
|
As for 700+ days:
https://bugzilla.mozilla.org/show_bug.cgi?id=265736 October 23, 2004. I thought open source fixed bugs in days ... not 450 days. I would check how old the others are ... but most are embargoed. |
| #7 By 15406 (216.191.227.68) at 4/18/2006 12:34:43 PM |
|
I thought the apologists excuse for MS taking weeks to issue a critical patch was that the patch had to go through a gauntlet of harcore tests to make sure nothing got broken. So the patch comes out and breaks everything under the sun, from Explorer to IE. Now HP devices are screwed too? Awesome work, MS.
|
| #8 By 22962 (12.205.118.31) at 4/18/2006 1:11:51 PM |
|
hey i though firefox was perfect like other open source software and doesn't have any security problems?
None of the softwares are safe nor secure. IE has more holes than Firefox. For more info about Firefox/IE security holes, go to the website at: http://secunia.com |
| #9 By 32132 (64.180.219.241) at 4/18/2006 1:55:51 PM |
|
#10 "IE has more holes than Firefox."
Not over 2005/2006. However, if you use Secunia as a source, you get 1 advisory for the 21 security holes in Firefox last week ... so its not a good place to add them up. #4 In regards to "disclosure" http://blogs.technet.com/msrc/archive/2006/04/15/425311.aspx "Another question I’ve gotten is around the defense in depth change documented in MS06-015. There’s been some confusion around that I think, but as is our normal practice for security bulletins, we document the existence of any additional defense in depth product behavioral changes, as well as the area of functionality where the change occurred so that customers can assess the impact to their environments. However, providing more detail on internal product changes could serve to aid attackers. Suffice to say the change is *not* related to a software vulnerability, merely a product behavior change to make the product more resilient to attack. There’s been some feedback we can make that more clear so we will work to do so in the future. On the whole, customers have been clear that we need to strike a balance between providing information to assess risk, and aiding attackers. But as our constant readers know, the information in our security bulletins has become more and more detailed over time so we certainly will be listening to your feedback about the information we provide to make the bulletins better." |
| #10 By 32132 (64.180.219.241) at 4/18/2006 2:00:45 PM |
|
More info:
http://blogs.technet.com/msrc/default.aspx "Hi everyone, Mike Reavey here again. I wanted to follow up with the results of our investigation into some issues with security update MS06-015. Turns out that under certain circumstances, changes introduced in MS06-015 could cause an application to stop responding during specific interactions with older versions of Hewlett Packard’s “Share-to-web” software utility, or older NVIDIA video card drivers. In the case of the Hewlett Packard software, their new version known as “HP Image Zone Version 5” is not affected. Neither are the most recent NVIDIA graphics card drivers. So customers running these more recent versions are not affected by this issue. The current versions of the Hewlett Packard and NVIDIA software are available from the manufacturer websites. To give you some idea of the scope of the problem, so far out of over 120 million successful installations of the MS06-015 update, the number of calls related to this issue is currently well under a thousand. Of course, even one customer having a problem is too many and that’s why we’ve been working on investigating this and determining solutions. We are also continuing to monitor the situation to measure scope and impact. We’ve updated security bulletin MS06-015 to document this issue. In addition, we published knowledge base article 918165, which details the older software this issue affects. We’ll be updating that soon to provide locations to the updated software that is unaffected by this issue. We’re working directly with the manufactures of the affected software to assist customers. So to be clear, customers who are running the latest NVIDIA drivers, or who are running the current version of the Hewlett Packard Image Zone software are not impacted. Customers who believe they are affected should upgrade to the latest versions of the affected software, or they can contact Microsoft Product Support Services for assistance. Contact Product Support Services in North America for help with security update issues at no charge using the PC Safety line (1-866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/gp/securityhome Meanwhile we're still looking at the best way to assist customers who may have been impacted by this and I encourage everyone to review KB article 918165 or contact us using the number above if they think they are having the problem." |
| #11 By 15406 (216.191.227.68) at 4/18/2006 2:52:04 PM |
|
Wow, Parkkker. I've never seen anyone work so hard at spinning as you. I hope MS is paying you enough to make it all worthwhile.
|
| #12 By 22962 (12.205.118.31) at 4/18/2006 3:24:38 PM |
|
#11, I have not checked with the secunia for awhile. Last time I checked, that IE had more holes than firefox.. that's why I heard that security news. I have been busy with work and not able to have time to check all the websites for most lastest news or updates. Thanks for recent update. This post was edited by budmanjr on Tuesday, April 18, 2006 at 18:06. |
| #13 By 32132 (64.180.219.241) at 4/18/2006 6:02:32 PM |
| #13 Latch, I hope whoever is paying you gets credit for hiring the mentally challenged. |
| #14 By 15406 (216.191.227.68) at 4/19/2006 9:36:07 AM |
| #15: Be nice, Parkkkkker, or I'll have your mommy take away your Bill Gates doll. |
| #15 By 3746 (71.19.43.237) at 4/19/2006 11:54:54 AM |
|
#10
I was being sarcastic. Thanks for the lesson though. |
| #16 By 32132 (142.32.208.232) at 4/19/2006 1:20:45 PM |
| #16 Dolls? I thought playing with dolls was a Linux thing ... isn't that what the Penguin is? |
|
Write Comment
Return to News |
Displaying 1 through 25 of 163 Last | Next |
The time now is
9:57:20 PM
ET.
Any comment problems? E-mail us |
