All Things Microsoft > Microsoft as a Company

MS's 3rd monthly patches a failure

(1/2) > >>

Xeen:
Today MS released a set of monthly patches. They started the monthly system in October, released a second set in November, but failed to do so in December because they claimed they weren't able to finish the patches in time and preferred to wait for January. Note that that came only one week after Bill Gates criticized Open Source for not delivering patches fast enough.       :rolleyes:      

Well today they released what should be 2 months worth of patches, but failed to release one for one of the most important security bugs.

     
quote:Microsoft Corp.'s latest round of software patches fails to fix a flaw in its Internet Explorer Web browser that makes it easier for online criminals to dupe people into disclosing their credit card numbers, passwords and other private data.

 The flaw lets criminals control the information displayed in the address bar of Explorer's browser window. It was most recently used to trick people into visiting a forged version of the Citibank Web site. Once there, users were prompted to share personal identification and credit card account numbers. Citibank today warned people to steer clear of an e-mail that links to the fake site.

Security experts said that the flaw is easy to exploit. "I could teach any grade school kid how to do it," said Ken Dunham, malicious code manager for Reston, Va.-based security company iDefense. "I'm very concerned for the Internet public at large because this is one of the most dangerous trends we've seen emerge."
--- End quote ---


In a statement concerning the fact that they didnt release this important patch, here's what MS had to say:

   
quote:An article on Microsoft's website offers consumers an easy, if drastic, workaround in the meantime: simply abandon the whole hypertext thing altogether. "The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them," the company advises. "Rather, type the URL of your intended destination in the address bar yourself."
--- End quote ---


     :eek:          :eek:          :eek:          :eek:          :eek:    


Also announced today was a security bug in the Microsoft Data Access Components program in Windows.

http://www.theregister.com/content/55/34863.html

[ January 14, 2004: Message edited by: xeen ]

rklesla:
It takes microsoft about 2 months to understand there own code long enough to figure out how to "fix" it.

Kintaro:
No they have to figure out the code because they didnt write it, they found it in University Trashcans, and brought some of it, and stole all the rest.

WMD:

quote:Originally posted by X11: doogee.is.dreaming.org:
No they have to figure out the code because they didnt write it, they found it in University Trashcans, and brought some of it, and stole all the rest.
--- End quote ---


I guess that sums it up pretty well.  :D

I actually have a good portion of the XP source code, but it's in ASM format.  :(   I wouldn't be able to read it either way.  :(

hm_murdock:
THAT'S PRETTY COOL

Navigation

[0] Message Index

[#] Next page

Go to full version