| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Redmond Mulls Emergency Patch for IE Attacks | |
|
||
| Time: 17:59 EST/22:59 GMT | News Source: eWeek | Posted By: Andre Da Costa | ||
|
Microsoft Corp. is working on a plan to release an out-of-cycle patch to cover a gaping hole in its dominant Internet Explorer browser. Sources say the MSRC (Microsoft Security Response Center) is aggressively aiming to release the emergency IE fix ahead of the December 13 Patch Tuesday schedule. Officially, the company isn't commenting on a timeline for the IE patch. A Microsoft spokeswoman said the creation of security updates is "an extensive process involving a series of sequential steps." | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 310 Last | Next |
The time now is
2:55:05 PM
ET.
Any comment problems? E-mail us |
| #1 By 12071 (203.206.243.239) at 12/1/2005 4:13:49 AM |
| So it takes 6 months AND a "drive-by exploit successfully loading pornography-themed spyware" for Microsoft to sit up, take notice and try to get a patch out. |
| #2 By 15406 (216.191.227.68) at 12/1/2005 8:03:47 AM |
|
#2: MS can't be bothered to get off its ass unless its revenue is threatened, or its publicly shamed into action.
#3: If Bill G farted, there'd be a story posted here before the stink cleared. But when a major upgrade to Firefox is released, every site on the net has the story except ActivePopups. |
| #3 By 61 (71.251.77.233) at 12/1/2005 8:17:44 AM |
|
Latch, first, #4's comment is correct, I suggest you read it and take your head out of your ass.
Second, if every other new site has a Firefox article, what exactly would be the point in posting it here? Also, why do you even care? If you don't like what news is getting posted here, don't come here. Sidenote, I use FF 1.5 |
| #4 By 15406 (216.191.227.68) at 12/1/2005 9:43:55 AM |
|
#6: (1) So let me get this right. A company with literally billions in the bank doesn't have the resources to properly investigate and fix flaws in their software? Yet some company with a microscopic presence by comparison can figure out that this supposedly harmless bug is really an extremely critical own-your-box flaw? I suggest that you yourself need a little fresh air. Stop making excuses for them or you'll be lumped in with the rest of the apologists.
(2) That statement is just plain stupid. If they're going to be a Windows news site, perhaps they should post significant stories such as a major browser upgrade. By your bizarre logic, AW should only post stories that nobody else does??? (3) Why am I here? Someone has to balance all the MS fanboy bleating that goes on here. |
| #5 By 23275 (68.17.42.38) at 12/1/2005 1:05:12 PM |
|
Panda Software's products - both client and enterprise, stop the exploit cold.
True Prevent sandboxed the exploit and killed it dead on all systems - even unpatched, older systems in our test environment. While I hate malware and the costs associated with it and the very thought of running any form of protection [my, what a beautiful world it would be if all ports were allowed to be open and no bad people did bad things... - the net would be a ball to use for all forms of interaction...], Panda, even though Admin Secure had some really bad growing pains, has proven to be just about incredible - making any other product we have tested [virtually all], seem much less capable. We use it for all clients and all networks we support and it does work and has made even latent patches pretty much a non-issue for our clients. |
| #6 By 61 (71.251.77.233) at 12/1/2005 1:20:16 PM |
|
Latch, a company such as Microsoft has to do TONS and TONS of regression testing and such. They have to make sure that the patch doesn't screw up anything, no matter what configuration of patches, SPs, etc... are applied.
Where as a small miniscule company doesn't have anywhere near the installed base that Microsoft has with Windows. It's just something that takes time. And really, what I was saying was true was that the flaw was just a minor flaw until someone figured out how to make code remotely execute, thus changing the priorty that the flaw would have. |
| #7 By 15406 (216.191.227.68) at 12/1/2005 1:42:38 PM |
| #10: But that's what I was getting at. I realize that MS has to do a lot of regression testing with any patches it makes. The fact that it's hard doesn't excuse them from doing the work. My comparison with a small company was more how the small company can find critical flaws in MS code that MS can't seem to find by itself. It has the resources to hire 1,000 people to do nothing but hack Windows all day long, yet it's always the same group of security companies that find these flaws. MS sits on the info until it becomes a huge problem and only then does it try to fix things. Why not 6 months ago? |
| #8 By 32132 (207.216.27.238) at 12/1/2005 2:52:30 PM |
|
I'm suprised ActiveMac has failed to mention the huge bug in Firefox 1.5, newest security holes in OS X, or the fact that SANS has now taken notice of OS X.
"http://www.techworld.com/security/news/index.cfm?NewsID=4891&Page=1&pagePos=11&inkc=0" "Apple has warned that the Mac OS X operating system contains 13 security flaws, some of them highly serious. The company issued a cumulative patch for the bugs on Wednesday. The impact of the flaws includes remote code execution, security bypass, spoofing, cross site scripting, denial of service and other effects, according to Apple. Some of the flaws can be exploited from the Internet. The most serious of the flaws could allow an attacker to remotely execute malicious code, effectively taking over the system. These include flaws in CoreFoundation, curl, and two bugs in the Safari browser. " "The SANS Institute last week highlighted Mac security flaws in its list of top 20 security issues, partly in order to give users a wake-up call, according to the organisation. "Although Mac OS X has security features implemented out of the box such as built-in personal firewall, un-necessary services turned off by default and easy ways to increase the OS security, the user still faces many vulnerabilities," SANS said in the report. SANS noted that vulnerabilities continue to crop up regularly in Safari. "in certain cases exploit code has also been posted publicly," the group said. Apple's way of releasing updates cumulatively doesn't make things easier for system administrators, SANS said. "Apple frequently issues Mac OS X cumulative security updates that tend to include fixes for a large number of vulnerabilities with risk ratings ranging from critical to low. This complicates the tracking of vulnerabilities for this OS," SANS' report said. " This post was edited by NotParker on Thursday, December 01, 2005 at 14:53. |
| #9 By 2459 (69.22.124.225) at 12/1/2005 5:03:54 PM |
|
It has the resources to hire 1,000 people to do nothing but hack Windows all day long, yet it's always the same group of security companies that find these flaws.
In some cases Microsoft pays these companies to do just that. MS sits on the info until it becomes a huge problem and only then does it try to fix things. Why not 6 months ago? Why is it so hard to understand that this isn't the only issue MS has to deal with? There are likely a number of other issues that were of higher priority until recently (some may still have priority over this one). Regression testing isn't a small matter that can be solved just by throwing more resources at it. They have to research each issue, figure out if the suggested system (if the issue is discovered by a third-party) is the actual root cause of the issue, then engineer a fix and test the fix. If the fix doesn't work then the process (or parts of it) has to be repeated. Do you expect them to work on another fix for the same issue (an actual patch, not a workaround) before they even know whether the initial fix will work without regression? |
|
Write Comment
Return to News |
Displaying 1 through 25 of 310 Last | Next |
The time now is
2:55:05 PM
ET.
Any comment problems? E-mail us |
