Microsoft Patches 19 Flaws, 6 in Vista
Cheesy Balogna writes "Microsoft has just released seven advisories — all rated critical — with patches for at least 19 vulnerabilities affecting the Windows operating system, the widely deployed Office productivity suite and the dominant Internet Explorer browser. Six of the 19 vulnerabilities affect Windows Vista. 'There are patches for 7 different vulnerabilities that could lead to code execution attacks against Word, Excel and Office. Users of Microsoft Exchange are also urged to pay attention to one of the critical bulletins, which cover 4 different flaws. A cumulative IE update addresses six potentially dangerous bugs. There are the six that apply to IE 7 on Windows Vista. The last bulletin in this month's batch applies to CAPICOM (Cryptographic API Component Object Model) and could also put users at risk of complete system hijack attacks.'"
Re:Changes Default Browser (Score:3, Informative)
Then I adjusted my thinking to Microsoft's point of view and tried to figure it out.
Now that IE7 is patched, it's much more secure than Firefox could ever be! Changing IE7 back to default is much like a firewall, an ounce of prevention is worth a pound of cure eh? By trying to get us back using IE7 they're just trying to prevent all the malware from getting on our systems, much like most of the rest of the patches.
It's a bit screwy, but that's the best rationalization I could come up with, anyone got a better one?
Summary was incorrect (Score:5, Informative)
Not, of course, that this excuses MS in any way (two is still two too many), but the summary was still rather misleading.
Re:Linux patches? (Score:4, Informative)
Re:Linux patches? (Score:2, Informative)
But that's the problem. Had he not posted in that type of tone, he might not have gotten modded up. I've seen many good posts defending Microsoft products without flaming the opposition yet when they hit the 4 or 5 moderation marks, people keep trying to mod them down.
I'm sure even if you removed all of the modded up Funny posts (which often are stabs at MS but cloaked with humor) I'm sure you'd see a clear anti-MS bias in moderation. That is, you're more likely to get modded up if you choose to post anti-MS comments.
People here are also quick to mod up any frustration with MS products even when they're just flames, yet when you see the comments about frustrations for Apple or Linux, you often get responses to the person having frustrations showing good light for Apple/Linux/etc modded up, not the parent frustration.
Only One of the Vista Bugs was "Critical" (Score:5, Informative)
In the case of the one bug [microsoft.com] that was rated critical, the rating was dependent on several mitigating factors, including that the user is running as full admin with UAC turned off. (Obviously not the default configuration.)
Only in that scenario could the machine be compromised, and even then the successful execution of exploit code was unlikely thanks to ASLR and various other security measures. It was far more likely to simply cause a browser crash.
Considering Vista has been out since November of last year, its security record [csoonline.com] so far has been extremely impressive.
Comment removed (Score:3, Informative)
Re:Changes Default Browser (Score:1, Informative)
http://www.zoliblog.com/blog/_archives/2007/3/26/
Re:No flaws in Vista itself, all 6 in IE7 (Score:3, Informative)
Vista patches (Score:3, Informative)