Another Critical Microsoft Hole
gmuslera writes "That recent vulnerability in IE that can run any program on an unpatched Windows system was not enough. Now there is another, related to an ActiveX control, that can make IE and IIS run any code on the system. The Microsoft solution? Kill the related ActiveX control and replace it with a safe one. The Microsoft problem? As this control is Microsoft signed, any site can require it, upload it and replace the "good" one with the vulnerable one. The final recommendation from Microsoft? Don't trust/run ActiveX controls signed by Microsoft." Gimble points to the appropriate locations on Microsoft's website: "Another buffer overrun (that allows arbitrary code to be run) has been admitted to by MS, and it affects IIS and IE on clients (but not on XP), and they have a patch available here: Security Hotfix for Q329414. The kicker is that a patched system can be rendered vulnerable again by a hostile web site or HTML email. The 'solution' from MS in Microsoft Security Bulletin MS02-065 recommends that you remove MS from the list of Trusted Publishers."
Aaahhhh! (Score:4, Funny)
Noooooo!
Minesweeper WON'T stop coming up!
--This girl at the library the other day
Re:He's right about the fonts (Score:5, Funny)
Sound Advice (Score:3, Funny)
Re: Another critical Microsoft hole (Score:5, Funny)
Difficult to read this post is, hmmm?
"Don't trust Microsoft" (Score:4, Funny)
I Like Their Solution! (Score:2, Funny)
The final recommendation from Microsoft? Don't trust/run ActiveX controls signed by Microsoft.
The 'solution' from MS in Microsoft Security Bulletin MS02-065 recommends that you remove MS from the list of Trusted Publishers.
Will Do!
Re:Sound Advice (Score:5, Funny)
Microsoft knows best (Score:4, Funny)
"Don't trust us"
Trusted computing. (Score:2, Funny)
Trusted computing, digital signing... I guess it all boils down to "You can trust Microsoft that this signed control will screw over your computer."
DOJ reaction (Score:5, Funny)
Today the DOJ announced that they would no longer trust Microsoft and had removed Microsoft from the list of companies it would allow to police themselves. This was done on Microsoft's advice as they felt they could not be trusted not to screw around like they had before.
"Let's face it," said Bill Gates, "asking us to police ourselves is like asking Dan Quayle to front a literacy program; it's just not a good idea."
I also don't trust software I write (Score:2, Funny)
Re:More Bias (Score:5, Funny)
Maybe we should apply the SECURE teenager patch I thought I saw somewhere....
Re:This bodes well (Score:5, Funny)
I find it amusing... (Score:5, Funny)
Time to upgrade (Score:2, Funny)
Re:Aaahhhh! (Score:5, Funny)
Re:Question (Score:4, Funny)
Sure if you never store personal documents under it.
A bit of fuzzy logic (Score:4, Funny)
Re:Sound Advice (Score:5, Funny)
Suppose MS say that they shouldn't be trusted. Assume you think it's right, so you don't trust 'em, so you believe THAT sentence is false! Therefore MS should be trusted. So of course you must trust 'em, and believe they shouldn't be trusted... And so on & on!
Finally their claim is just another way to make your system / brain crash due to stack overflow...
Another Microsoft Security Bulletin ! (Score:1, Funny)
Re:why? (Score:3, Funny)
"Microsoft innovates"
With a nice little "sponsored by Microsoft" icon right under the headline. That is why...
ATTN: Slashdot Editors (Score:4, Funny)
Don't blame Microsoft... (Score:2, Funny)
You can download a patch here (Score:2, Funny)
Your answer... (Score:3, Funny)
Yes.
Re:Oooo! He card read good! (Score:5, Funny)
karmasuicide2k2
infinite loop (Score:2, Funny)
Anybody see that this resembles the following situation:
"I am a pathological liar,
Everything I say is a lie,
you can trust me on this."
Now what are ya gonna believe??
Click...refresh...huh? (Score:5, Funny)
--note to self--
Consider buying stock in proposed Hades Ski and Ice Skating resort... it must be getting real cold down there about now, somewhere between slushy and completely frozen over.
In other news... (Score:5, Funny)
Re:Aaahhhh! (Score:4, Funny)
That depends. According to their bulletin, you can't trust MS. But the bulletin came from MS, so you can't trust the bulletin. So you can trust MS. Which means you can't trust them which...
Ah, the classic "I am lying" paradox...
Great solution, what about SPAM? (Score:5, Funny)
"The simplest way is to make sure you have no
trusted publishers, including Microsoft. If you do
that, any attempt by either a web page or an HTML
mail to download an ActiveX control will generate a warning message."
(...)
We could use this idea also with SPAM. Why use Bayesian filters (that still aren't 100% safe)? We could open every single message and decide if it is SPAM or not. If it is SPAM we can then delete it... it's easy!!
This message doesn't need a signature
Re:Sound Advice (Score:5, Funny)
Microsoft1: All things you need to trust are from Microsoft.
Microsoft2: But all things are not always me need to trust are from Microsoft.
Microsoft1: Umm. But all things are not always are not always you need to trust are from Microsoft.
Microsoft2: Interesting. But all things are not always are not always are not always me need to trust are from Microsoft.
Microsoft1: Interesting. But all things are not always are not always are not always are not always you need to trust are from Microsoft.
Microsoft2: Huh. But all things are not always are not always are not always are not always are not always me need to trust are from Microsoft.
Microsoft1: Huh. But all things are not always are not always are not always are not always are not always are not always you need to trust are from Microsoft.
Microsoft2: Umm. But all things are not always are not always are not always are not always are not always are not always are not always me need to trust are from Microsoft.
Microsoft1: And. But all things are not always are not always are not always are not always are not always are not always are not always are not always you need to trust are from Microsoft.
etc.
time line (Score:1, Funny)
Re:RTFM : lol... Try Runas.. (Score:2, Funny)
I think that this is due to the fact that these installs are modifying the registry. But, you say, Win2k has a user portion of the registry that the user can edit. Well, yes, but this does not allow for dependencies and global file extension settings. Basically, when a "dependent" program is installed it increments a counter in the registry branch for the program that it is dependent on (if that makes sense
Intelli-sync for Palms is one program like this. Their solution - install / run as Administrator. Just make sure that when you do this you only make the user a LOCAL administrator. I made this mistake once - and spent most of a night putting one of our servers back together. Never again!
Ah, the irony... (Score:2, Funny)
Trustworthy Computing! [microsoft.com]
Yeah, sure... And then they recommend to be removed from the trustworthy list...