
Microsoft Plugs "Drive-By" and 14 Other Holes

CWmike writes "Microsoft today patched 15 vulnerabilities in Windows, Windows Server, Excel, and Word, including one that will probably be exploited quickly by hackers. None affects Windows 7. Of today's 15 bugs, Microsoft tagged three 'critical' and the remaining 12 'important.' Experts agreed that users should focus on MS09-065 first and foremost. That update, which was ranked critical, affects all still-supported editions of Windows except Windows 7 and its server sibling, Windows Server 2008 R2. 'The Windows kernel vulnerability is going to take the cake,' said Andrew Storms, director of security operations at nCircle Network Security. 'The attack vector can be driven through Internet Explorer, and this is one of those instances where the user won't be notified or prompted. This is absolutely a drive-by attack scenario.' Richie Lai, the director of vulnerability research at security company Qualys, agreed. 'Anyone running IE [Internet Explorer] is at risk here, even though the flaw is not in the browser, but in the Win32k kernel mode driver.'"

  • by bcmm ( 768152 ) on Wednesday November 11, 2009 @09:17AM (#30059076)

    "Anyone running IE [Internet Explorer] is at risk here, even though the flaw is not in the browser, but in the Win32k kernel mode driver."

    Anybody else think something is integrated with something else in a deeply, deeply wrong way here?

  • It's Still Windows (Score:3, Insightful)

    by dkh2 ( 29130 ) <`moc.hctIstiTyMoDyhW' `ta' `2hkd'> on Wednesday November 11, 2009 @09:27AM (#30059150) Homepage

    No wonder my home system was such a dog this morning. It was pulling the latest patches and updates.

    Meanwhile, it's still Windows. There's only so much improvement you can make when the manufacturer insists on packing so much into the "kernel." I was always taught that the OS kernel is the one piece that provides the interface between all software and all hardware. File systems, GUIs, internet browsers and lesbian Pr0n are all just forms of software that should be clients to the ultimately optimized but minimalist kernel.

  • Re:Well... (Score:4, Insightful)

    by RiotingPacifist ( 1228016 ) on Wednesday November 11, 2009 @09:38AM (#30059250)

    Too bad so many XP users don't opt-in to patching

    This is Microsoft's fault for not offering a security only patch channel and pushing WGA, etc. through as Windows updates.

    I know this probably comes across as trolling but it's not just Microsoft bashing for the sake of it.

  • Re:Well... (Score:5, Insightful)

    by Spazztastic ( 814296 ) <spazztastic.gmail@com> on Wednesday November 11, 2009 @09:53AM (#30059364)

    No, this is the fault of people who pirate their operating system and then expect it to be supported. Some things have a price. Pay the price if it is worth it to you. Don't use it if the price is not worth it to you. Some people call that "vote with your wallet". Just taking it for free and then expecting support is ludicrous and the height of hypocrisy.

    While I do agree that pirating a piece of software and expecting support is unreasonable, Microsoft is only increasing the number of botnets when they refuse updates to pirated software. Refuse software and hardware updates, but at least include security updates. With the increased number of botnets, that's more computers out there trying to infect others and it will without a doubt hit legitimate systems owned by users who just ignore that little yellow shield with the exclamation point on their taskbar. It is also their fault, but some people just don't know better.

  • Re:Well... (Score:5, Insightful)

    by gbjbaanb ( 229885 ) on Wednesday November 11, 2009 @11:21AM (#30060554)

    Let's think about this not from a moral perspective, but from a business one

    Ok, let's do that.

    As Microsoft software is the single most predominately used OS in the world, having large numbers of these installations being vulnerable to botnets is not only putting the efficient working of the global networks at risk, costing large sums as innocent ISPs upgrade their infrastructure to cope with the deluge of useless spam traffic and virus payloads; costing businesses large sums to protect themselves from the deluge of virus, phishing and spam that routinely attacks their users; costing consumers vast sums as they attempt to protect themselves from the same deluge of attacks; but also puts the economy at risk with phishing attempts and other fraudulent and criminal activities that at best reduce people's confidence in using it for economic activity.

    Given the above, the government should step in and force Microsoft to be more responsible for securing the national infrastructure from these attacks. Infrastructure that the modern economy depends upon. They keep telling us how many billions of Dollars are lost to virus attacks, how much conficker cost business, etc. Imagine how much the economy would suffer if there was a really big botnet/virus that did more than inconvenience users.

    You can ignore moral aspects here and focus on the purely economic. We did that with banker's bonus-driven practices, and look how well that turned out. By ignoring the 'moral' aspects of Microsoft's monopoly and their self-interested lack of securing their OS, we may yet suffer similar problems.

    (this isn't really Microsoft bashing, it's more monopoly bashing) (though, I recall someone senior at MS saying they liked piracy because it made developers and users become accustomed to Microsoft software which had a beneficial effect to them - perhaps it is Microsoft's fault after all).

  • Re:And the others? (Score:3, Insightful)

    by plague3106 ( 71849 ) on Wednesday November 11, 2009 @11:47AM (#30060930)

    Not fixing would backfire. Would you buy a product from a company that totally abandons the existing product as soon as they release a new one?

  • by somersault ( 912633 ) on Sunday November 15, 2009 @02:33PM (#30107250) Homepage Journal

    Dude. Yes I'm talking even tho I said I wouldn't but I've been thinking about this a lot.

    Don't you wonder *why* you upset *everyone* every time you talk online? Think about it. You are the one who is acting like a troll. A quick google of your name (which I did because you called a slashdot account "easily trackable", even though I don't use this name anywhere else, but you have registered APK accounts all over the place, plus I found your email address and physical mailing address) brought up several threads where you have been emailing people whining, threatening to take "legal action" etc. It would be funny if it weren't so sad. Nobody needs a degree in psychiatry to tell that you have serious issues.

    You purposely twist other people's words (said I "cannot" read instead of I chose not to), and I bet you have a list of insults that anyone ever called you that you then use on other people.. because almost every single thing you have tried to insult me with could equally apply to yourself (decaf, trolling, etc).

    You are the only person I have called insane, and plenty of other people have pointed out that you must have a mental illness too. You certainly have a lot of pent up anger and aggression, that you unleash on people for no reason, and you seek attention by posting massive rants on completely unrelated threads. Then you wonder why everyone hates you and calls you a troll or thinks you have something wrong with you. Wake up. I'm sorry if you do have mental issues, though I hope at least you have seen a doctor about it. I myself needed to go on pills a few years ago for depression, and I had an episode of OCD, I know it's not pleasant to have mental issues. But anyway there's probably no point even trying to be friendly or reasonable with you, you just don't seem to have the capacity for either of those things from what I've seen so far.
