Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Microsoft Operating Systems Security Software Windows

Yet Another Critical Windows Flaw 511

Posted by michael from the keep-bailing dept.
Dynamoo writes "Microsoft released yesterday a whole bunch of critical security updates. Out of these, MS03-043 is a flaw in the Windows Messenger Service (not MSN Messenger) with the possibility of a remote attacker gaining complete control of a Windows NT/2000/XP/2003 based PC remotely. If this sounds like another possible vector for a worm to spread, you'd probably be right. Microsoft's recommendation is to 'disable the Messenger Service immediately and evaluate their need to deploy the patch'. Of course a firewall will offer some protection but shouldn't be relied on. At least administrators can disable the Messenger Service remotely. Of course this is another headache for admins still patching for last month's RPC flaw."
This discussion has been archived. No new comments can be posted.

Yet Another Critical Windows Flaw More

Yet Another Critical Windows Flaw

Comments Filter:

  • Call to worm developers!! (Score:2, Funny)

    by borgdows ( 599861 ) on Thursday October 16, 2003 @08:27AM (#7228232)
    This time, please do something really useful, not only doing such silly thing as DOS'ing windowsupdate

    You can for instance, delete necessary files for Internet connection... in this case Microsoft will be in a *real* shit if nobody can connect the internet to download patches!
    They'll maybe have to send MILLIONS of CD by mail!

    Therefore, people will be *really* annoyed and may think it's time to switch to another more reliable OS.

  • Re:In a way, it is a good thing... (Score:5, Funny)

    by quigonn ( 80360 ) on Thursday October 16, 2003 @08:43AM (#7228342) Homepage
    A friend of mine recently said: "the only way to get a security hole fixed in Microsoft software is to write a worm that exploits it".

  • Excuse me, Sir... (Score:2, Funny)

    by AriesGeek ( 593959 ) <aries AT ariesgeek DOT com> on Thursday October 16, 2003 @08:47AM (#7228368) Homepage Journal
    I checked my Windows XP installation and it has had the patch applied since July 8, 2003

    Could I get your IP address please?

  • Re:Too bad it's such a pain in the ass... (Score:3, Funny)

    by mst76 ( 629405 ) on Thursday October 16, 2003 @08:47AM (#7228370)
    What functionality do you lose when disabling the service? Is it one of those that never need to run, ever?
    You lose the ability to receive winpopup spam.

  • In other news (Score:4, Funny)

    by zakezuke ( 229119 ) on Thursday October 16, 2003 @08:48AM (#7228380)
    Microsoft discovered a MAJOR flaw in their naming convention. It seems it's far too easy to confuse MSN Messenger with Windows Messenger do in part they are both called Messenger, also due to the fact that Windows Messenger isn't widly used, except by sys/net admins telling their users the system is going down.

    Getting users to actually peform updates when they don't have the ability to tell the diffrence between the diffrent products has proven to be most troublesome to Microsoft.

    This flaw was noticed by technical support when users asked for assistance with "outlook" not knowing that "express" was a diffrent product. Not to speak of the diffrences between Windows Explorer, Microsoft Explorer, and the new hardly ever works MSN explorer.

    "The idea that users know the diffrence between Windows, Microsoft, and MSN is ridiculous" --- typical power user.

    A new convention is required based on the following facts

    Windows - the operating system side of things
    Microsoft - the software side of things, stuff you actually use
    MSN - the ISP side of things, fluffy click shit that causes your computer to crash and burn.

    Renaming should be as follows

    Dont touch me crap - reserved for operating system level software
    Play with me crap - the software you typicaly get to do stuff
    Can't do crap - the stuff internet related that never works right

    Now saying that there are patches for the "don't touch me crap messenger" has some meaning to the average user, vs their "Can't do crap Messenger" product.

    This message was brought to you by Microsoft Crap, where did your document go today?

  • Not so fast... (Score:5, Funny)

    by X86Daddy ( 446356 ) on Thursday October 16, 2003 @10:05AM (#7228759) Journal
    At least administrators can disable the Messenger Service remotely.

    If you haven't patched yet, I'm guessing anyone can disable your services remotely. :-)

  • New Marketing Slogan (Score:4, Funny)

    by cindik ( 650476 ) <solidusfullstop@noSpAm.cindik.com> on Thursday October 16, 2003 @12:23PM (#7230290) Homepage Journal
    You'll never be locked out with Microsoft. We make windows that anyone can open from the outside.

Slashdot Top Deals

"No matter where you go, there you are..." -- Buckaroo Banzai

Close