| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft Security Bulletin Advance Notification for February 2008 | |
|
||
| Time: 12:29 EST/17:29 GMT | News Source: Microsoft | Posted By: Michael Dragone | ||
|
This is an advance notification of twelve security bulletins that Microsoft is intending to release on February 12, 2008. | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 157 Last | Next |
The time now is
8:05:48 PM
ET.
Any comment problems? E-mail us |
| #1 By 15406 (216.191.227.68) at 2/7/2008 1:18:04 PM |
|
Wow, 2 remote code execution bugs for Vista this month alone...
|
| #2 By 92283 (64.180.196.172) at 2/7/2008 2:37:07 PM |
|
Vista isn't in Apples league.
"Apple has released an update for its popular QuickTime software. This release brings the version number to 7.4.1 and fixes a bug under which arbitrary code execution could be triggered by a 'drive-by' or maliciously written web page" http://www.informationweek.com/industries/showArticle.jhtml?articleID=206106035 "From the release of QuickTime 7.1.3 in January 2007 through the release of QuickTime 7.3.1 in December of that year, Apple fixed 34 different QuickTime vulnerabilities. In 2006, Apple fixed 28 QuickTime holes. So far this year, Apple has made five specific QuickTime repairs. " |
| #3 By 15406 (216.191.227.68) at 2/7/2008 2:44:40 PM |
|
#2: LOL, right on time and with the expected response.
Hmmm, QT affected by drive-by web pages? Good thing Windows doesn't have any problems like that. But then, Apple ha never said that QT is chock-full of whiz-bang uber-security like MS does with Vista. Tell me, do you keep little text files on your desktop that are full of these bug tidbits so that they're handy any time someone posts something negative about MS, or do you compile a new list every time? And what do you think about MS, if the Yahoo deal goes through, being the world's 3rd largest user of open source? Awesome, huh? |
| #4 By 92283 (64.180.196.172) at 2/7/2008 5:31:34 PM |
|
The QT bug was announced today.
But since there have been 39 in the last 12 months, there are about 3 announcements a month. Hardly a week goes by without a QT vulnerability being discussed. |
| #5 By 92283 (142.32.208.232) at 2/8/2008 12:49:18 PM |
|
http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12
12 more bugs for Firefox! 3 Critical All the critical ones point back (in part) to a bug almost 1 year old. Thanks Mozilla for those speedy fixes! |
| #6 By 15406 (216.191.227.68) at 2/8/2008 2:35:34 PM |
| #5: And, as usual, you're whining about them after they've been fixed. It's speedy fixes like that that made FF vulnerable for only 9 days last year, compared to 200+ days for IE. |
| #7 By 92283 (142.32.208.232) at 2/8/2008 4:18:41 PM |
|
After?
The bug was from February 2007. It took them a year to fix. The "fix date" is not the same as the bug date as I've demonstrated before. Firefox regularly takes a year to fix serious bugs. |
| #8 By 54556 (67.131.75.3) at 2/8/2008 6:00:14 PM |
|
>>> The bug was from February 2007.
Where do you see a bug date of 2/07 in http://www.mozilla.org/projects/security/known-vulnerabilities.html#firefox2.0.0.12 ? |
| #9 By 92283 (142.32.208.232) at 2/8/2008 6:05:43 PM |
|
#8 http://www.mozilla.org/security/announce/2008/mfsa2008-01.html
Click on "Browser Crashes" https://bugzilla.mozilla.org/buglist.cgi?bug_id=398088,393141,364801,346405,396613,394337,406290 https://bugzilla.mozilla.org/show_bug.cgi?id=346405 Oops. My mistake. That ones from 2006-07-29. 1.5 years. http://www.mozilla.org/security/announce/2008/mfsa2008-03.html https://bugzilla.mozilla.org/buglist.cgi?bug_id=386695,393761,393762,399298,407289,372075,363597 https://bugzilla.mozilla.org/show_bug.cgi?id=372075 2007-02-27 |
| #10 By 54556 (67.131.75.3) at 2/8/2008 6:41:01 PM |
| bugid 346405. That's what you are calling a serious bug? |
| #11 By 92283 (64.180.196.172) at 2/8/2008 10:22:24 PM |
|
Mozilla: "Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code."
Arbitray code execution is THE MOST SERIOUS kind of bug. Mozilla designated this bug as critical. Not me. But I do agree with them. This post was edited by NotParkerToo on Friday, February 08, 2008 at 22:23. |
| #12 By 15406 (99.224.112.94) at 2/9/2008 7:28:50 AM |
|
#11: Hmm, a bug that maybe, possibly, with enough effort, could perhaps lead to remote code execution and has since already been fixed. That's the best you can find? Yawn. Next.
|
| #13 By 15406 (99.224.112.94) at 2/9/2008 8:28:37 AM |
| #11: You still haven't commented on the 2 remote code execution bugs in Vista. I thought Vista was supposed to be more secure? I thought I heard from various microbots that this kind of thing would never happen. |
| #14 By 92283 (64.180.196.172) at 2/9/2008 11:39:56 AM |
|
#12 1.5 years to fix. Now thats slow. All the time the bug has been available hackers to use.
Thats 3 remote code execution bugs in Firefox in just this patch batch. Most are bugs a year old or more. #13 Vista is more secure. As long as you don't run Firefox or Quicktime or most other Apple or open source software. No one has suggested Vista wouldn't have any security issues. Just fewer than everyone else. And so far, that is true. Oh no. Not another remote code execution bug from Apple. "Apple has also issued an update for iPhoto, the image organising and sharing application which is a standard component of the iLife suite for OS X. The flaw could allow an attacker to create a malformed Photocast stream which would allow remote code execution on the system of all users who attempted to subscribe. " Stay away from Apple software. |
| #15 By 3 (86.1.38.147) at 2/9/2008 3:28:08 PM |
| Keep them coming #14 - It's always entertaining. Looking forward to you comments about an upcoming fix for a Microsoft product that causes data loss next week. Under NDA to talk about that though, but I guess you'll blame that on Firefox and Apple too! Oh and that bug has been there for 3 years. |
| #16 By 54556 (68.35.10.96) at 2/10/2008 12:36:37 PM |
|
#11 "Arbitray code execution is THE MOST SERIOUS kind of bug"
<sarcasm> Yeah, especially when it is caused by the user slamming keys of their own keyboard or going crazy resizing windows on thei own desktop. </sarcasm> |
| #17 By 92283 (64.180.196.172) at 2/10/2008 4:07:13 PM |
|
#15 I thought maybe AW would post the Apple/Firefox bugs. Too embarrassing for you I guess.
#16 Or using javascript. <sarcasm> No one uses javascipt in a web browser</sarcasm> |
| #18 By 54556 (68.35.10.96) at 2/10/2008 6:18:07 PM |
|
#17 "<sarcasm> No one uses javascipt in a web browser</sarcasm>"
Thats not the bug you originally quoted. But please, don't let facts or holding a consistent line of discussion get in your way of trying to win an argument, my six year old doesn't. |
| #19 By 92283 (64.180.196.172) at 2/10/2008 8:09:35 PM |
|
Javascript is mentioned on the page for MFSA 2008-01, and 2008-03 and 2008-06 - the 3 critical bugs.
2008-06 "Disable JavaScript until a version containing these fixes can be installed." 2008-03 "JavaScript privilege escalation bugs " 2008-01 "JavaScript engine crashes" Learn to read. |
|
Write Comment
Return to News |
Displaying 1 through 25 of 157 Last | Next |
The time now is
8:05:48 PM
ET.
Any comment problems? E-mail us |
