Microsoft Patches "Google Hack" Flaw In IE 142
An anonymous reader writes "As expected, Microsoft has issued an out-of-band security patch to address a remote code execution hole in Internet Explorer that was used in the recent Chinese attacks disclosed by Google. Ars Technica has all the download links you need."
WTF! FORCED SHUTDOWN (Score:5, Informative)
Re:WTF! FORCED SHUTDOWN (Score:1, Informative)
I tested a server and a desktop (Windows 2008 R2, Windows 7) and neither auto-rebooted from the Windows Update.
What are you talking about?
Re:Google has BACKED DOWN in China (Score:5, Informative)
Actually they haven't removed censorship yet. They would be talking with the Chinese government about a way to provide an uncensored search within the law.
"We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China."
A new approach to China [blogspot.com]
So, we're still on hold as to if they will remove censorship.
Re:Google has BACKED DOWN in China (Score:5, Informative)
Looks pretty un-censored to me. images:tiananmen square [google.cn]
Re:Quick turnaround! (Score:4, Informative)
Re:What if IE could be uninstalled? (Score:1, Informative)
You can use this website to uninstall IE completely: http://www.ubuntu.com/GetUbuntu/download [ubuntu.com]
Re:Google has BACKED DOWN in China (Score:1, Informative)
The link in the article [publicaddress.net], even on the day it was posted on slashdot, talked about conflicting reports.
Current status @ 07:20 NZT, 02:20 Beijing time, 14-01-10: Still conflicting reports coming out. It could be that Google has already lifted its own censorship measures. Or it could be that the censorship measures are still up, but because of the intense interest generated (and click-thrus) on sensitive subjects, small holes in the wall are being publicised and magnified.
That was probably some over-enthusiastic blog. Google would have officially annouced it if it had lifted censorship. Last official status from Google is that they're talking to the Chinese.
I know people don't read articles here, but let's just hold our horses for an official announcement on Google's status. =)
Re:WTF! FORCED SHUTDOWN (Score:1, Informative)
Unless the patch was to the Trident libraries, in which case I can understand. Trident is the rendering engine behind MSIE, and is in use by other programs even if MSIE isn't using it.
There's times you MAY use it not intending to (Score:1, Informative)
"Since I never use IE and never intend to" - by davet2001 (1550151) on Thursday January 21, @05:18PM (#30852740)
See my subject-line above, & realize, that SOME apps do not launch by "filetype associations" & FORCE a user into launching IE!
(Those apps should do it by your default browser file association, ala ShellExecute type API calls for instance in the Win32 API, which would INSTEAD summon the default webbrowser associated with webbrowser files like .html/.htm type file extensions etc. / et al):
An example thereof would be one like WinVulnScan:
Now, before I go anywhere pointing out that is "wrong" with it? Well, first of all - The author of it has the RIGHT IDEA in his application & by ALL MEANS!
HOWEVER, THE "PROBLEM":
He "forces" a user to use IE in it!
(As to that happening? Well - My guess is, is that he "hardcoded in" the actual std. commandline for IE into his app is why)...
Still - it's a decent app that helps secure your system though, by finding out what the latest patches are for your Windows NT-based OS' that your system lacks (easy to write one like it too pretty much, but, who has the time anymore (my days of shareware/freeware creation for instance, are LONG behind me now, & trust me: It's WORK, especially fielding users' requests & such)).
Fact is? Well - I've been thinking of writing that fellow (the dev of WinVulnScan) & running this idea by he... I just might @ that, now that I noted it here.
APK
P.S.=> Just pointing out an actual instance, with an application no less, that FORCES the use of IE on a user (albeit, not the BEST ONE probably, it was all I could come up with on "short-notice" is all)!
HOWEVER - There ARE other apps too, that do the same, mind you!
(Thank goodness though, the author of WinVulnScan only directs users to MS sites, which are MORE-OR-LESS, safer than others probably are (MS does get decent talent in coders (e.g.-> Dr. Mark Russinovich & Mr. Anders Heijelsberg as 2 examples thereof whom I respect a great deal for their accomplishments in this "art & science" of computing for example) & I expect their network tech/network administrator/network engineering staff is doubtless of EQUAL CALIBRE on that end also))... apk
Too bad.. (Score:1, Informative)
You can write to an in-use file. Unless somebody opened the file and specifically set the flag that dis-allows that. Go lookup FILE_SHARE_DELETE / FILE_SHARE_WRITE
Although I guess its a mistake to use facts here. How would we bash Microsoft then?!
Re:WTF! FORCED SHUTDOWN (Score:3, Informative)
The other alternative is to put up a message saying "These applications/services/etc need to be restarted".
Allowing libraries to be modified on disk while in use is a solution to the upgrade problem which is simple, elegant, and terribly, terribly wrong.
If the OS is sufficently "clever" the old version of the library need only exist until the last thing executing it's code stops doing so.