| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
DNS patch to come by May 8... maybe | |
|
||
| Time: 01:50 EST/06:50 GMT | News Source: InfoWorld | Posted By: Kenneth van Surksum | ||
|
Microsoft hopes to fix by May 8 a critical flaw in Windows Domain Name System (DNS) servers that is being exploited by online criminals, the company said late Tuesday. Microsoft has been under pressure to address the flaw, reported last week, since software that exploits it has now been widely disseminated, and criminals are beginning to use it in attacks. On Monday, security experts confirmed that variants of the Rinbot worm (also called Nirbot by some vendors) had been scanning networks for vulnerable systems and then attempting to exploit the DNS bug. Microsoft characterizes the level of attacks as "not widespread." | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 217 Last | Next |
The time now is
12:00:37 AM
ET.
Any comment problems? E-mail us |
| #1 By 860 (71.207.193.106) at 4/19/2007 7:45:54 AM |
|
...and millions of businesses around the world will continue to just accept Microsoft's lazy security attitude.
Reminds me of the last one... yeah, you know, the one that had been reported in December but unpatched until April? Maybe a worm will shake this patch out of the tree like the last one did. |
| #2 By 15406 (216.191.227.68) at 4/19/2007 8:14:16 AM |
|
'Microsoft characterizes the level of attacks as "not widespread."'
Give me a break. Who do they think they're fooling? This very minute there are probably multiple automated worms scanning the entire net looking for exposed WinDNS servers. I wonder if MS has redefined the word 'widespread'. |
| #3 By 23275 (24.179.4.158) at 4/19/2007 8:38:48 AM |
|
#2, The ass-chapping side of this one is the attention the DCOM RPC service received in years past from both criminal hackers and Microsoft. I think by late spring 2004, we all expected that every possible review would have been conducted - coming in the wake of a year of similar vulnerabilities.
While I'm not worried about managed networks and systems at all - there will certainly be many systems compromised that will result it yet more attacks, and even higher levels of mal-ware laced SPAM. While any decent firewall mitigates this and a no-reboot work-around is easy to implement, I still reached for the Ames Powder and Tucks Pads over this one. I agree, there are likely hundreds, if not thousands of scanners working to harvest as many systems as possible. |
| #4 By 15406 (216.191.227.68) at 4/19/2007 10:46:17 AM |
| #3: You're right in that well-managed systems will be protected and most major orgs will never have a problem. It's the "under-the-rader" folks, hobbyists etc that may not be behind an adequate firewall that will be hit. |
| #5 By 37047 (216.191.227.68) at 4/19/2007 11:24:12 AM |
| Gee, first Latch agrees with something Parkkker said, and now he is agreeing with something lketchum said. This has to be a sign of an impending apocalypse. :-) |
| #6 By 23275 (24.179.4.158) at 4/19/2007 11:55:01 AM |
|
Hard not to agree on this one - the facts are clearer - there is an exploit against a vulnerability in W2K/W2K3 DCOM RPC as it affects the remote management of Windows based DNS/AD-DNS Services, which is mitigated by most firewalls running even default configurations and or the application of a reg key that does not require a re-boot [but does require that one restart the DNS Service].
Similarly, we all agree yet another DCOM RPC vuln. sucks! and that ass-hats all around the criminal hacking community are going to leverage it opposite more naively managed systems. Finally, after the beating taken in the summer and fall of 2003 - followed by all the work in 2004 leading up to an after XP SP2 was shipped and we all hoped that the work there would benefit W2K and W2K3, there is not much ground to stand on in defense of Microsoft on this one [other than to admit that on my best day, I could not have done any better - but... that said, we are the customers in this case and not the manufacturer]. |
| #7 By 32132 (142.32.208.234) at 4/19/2007 12:03:42 PM |
|
"Block TCP and UDP port 445 as well as all unsolicited inbound traffic on ports greater than 1024"
Essentially the systems not behind a firewall of any kind are vulnerable from outside your system. Even the most rudimentry firewall in a DSL router will keep you safe from this vulnerability. And if you are running Windows 2003 Server on the Internet and not behind a firewall/router and you don't have the built-in firewall turned on, you are not very bright. |
| #8 By 3653 (68.52.143.149) at 4/19/2007 7:03:20 PM |
|
24 more patches, and it'll equal apple's monthly release (released today, so don't confuse it with the 44 patches last month, or the 103 released in ?january?)
http://www.betanews.com/article/Apple_Plugs_25_Mac_OS_Security_Holes/1177019743 jeez apple. what is that, like 300 patches in 2007? This post was edited by mooresa56 on Thursday, April 19, 2007 at 19:04. |
| #9 By 12071 (203.185.215.144) at 4/19/2007 8:39:12 PM |
|
#8 That's the difference that you're failing to miss. Other vendors, in this particular case Apple, actually patch their systems! Microsoft on the other hand keep you waiting with maybe a little hope that the patch might potentially be ready at some stage in the future if your lucky enough for them to actually take it seriously rather than waiting for their bottom line to be in jeopardy!
And, honestly champ, if you're going to play the Parkkker game of randomly coming in and throwing the number of patches around, at least show us that you're slightly smarter than he is and point out that the patches are for a whole variety on software that the user may or may not have installed/running. Otherwise we'll have to take you as seriously as we do him. |
| #10 By 32132 (64.180.219.241) at 4/19/2007 9:54:04 PM |
|
#8 WOW!!!!
Apple OS X is such a sieve. And it is relevant that operating systems Microsoft haters tout as being safer have far more security holes than Microsoft software. "Other vendors, in this particular case Apple, actually patch their systems!" In huge numbers!! But seriously ... where would a person go to find out how old the vulnerabilities are? Consider that the airport vulnerability was in 10.3.9 and 10.4.9 (10.3.9 is 2 years old) how old is the vulnerability? CVE-2006-0300 is 14 months old CVE-ID: CVE-2006-6143 is 2 months old. I could contine ... but Apple rarely puts links on its security page so people could go find out when the vulnerability was discovered. |
| #11 By 3653 (68.52.143.149) at 4/19/2007 11:41:26 PM |
|
4 mega patch drops in 4 months.
cupertino, we have a problem. and its called "denial". |
| #12 By 2960 (24.254.95.224) at 4/20/2007 7:19:05 AM |
|
Wow. 113 patches just for this?
|
| #13 By 15406 (216.191.227.68) at 4/20/2007 8:16:46 AM |
|
#8: You are Parkkker and I claim my $5.
|
| #14 By 37047 (216.191.227.68) at 4/20/2007 8:31:36 AM |
| #8, #10: It is amazing how you two harp on and on about how Apple and Linux are irrelevant because of their small market share, until a Windows defect is brought up, and then all of a sudden it is Apple defect this, and Linux defect that. Waaa Waaa. |
| #15 By 32132 (64.180.219.241) at 4/20/2007 11:48:31 PM |
|
#14 Perspective. Haters like you and Latch prefer to discuss security as if Microsoft was the only company with security problems.
As it turns out, Microsoft has the fewest security problems of the top 3 operating systems on PC's. Thats perspective. |
| #16 By 32132 (64.180.219.241) at 4/21/2007 5:58:55 PM |
|
"A hacker managed to break into a Mac and win a $10,000 prize as part of a contest started at the CanSecWest security conference in Vancouver.
In winning the contest, he exposed a hole in Safari, Apple's browser. "Currently, every copy of OS X out there now is vulnerable to this," said Sean Comeau, one of the organizers of CanSecWest. The conference organizers decided to offer the contest in part to draw attention to possible security shortcomings in Macs. "You see a lot of people running OS X saying it's so secure, and frankly, Microsoft is putting more work into security than Apple has," said Dragos Ruiu, the principal organizer of security conferences including CanSecWest " http://www.infoworld.com/article/07/04/20/HNmachackedatconference_1.html |
|
Write Comment
Return to News |
Displaying 1 through 25 of 217 Last | Next |
The time now is
12:00:37 AM
ET.
Any comment problems? E-mail us |
