Critical Microsoft Update
Thread: Critical Microsoft Update

  1. #1
    Senior Member hesperus
    Join Date
    Jan 2005
    Posts
    416

    Critical Microsoft Update

    No details as to what it involves, but here are a few possibilities.

    Microsoft on Thursday announced plans to ship one security bulletin on Tuesday, Sept. 13, to provide patches for a "critical" flaw in its Windows operating system.

    As part of its advance notice mechanism, the Redmond, Wash.-based software giant said the security update will require a restart and can be detected with the MBSA (Microsoft Baseline Security Analyzer) tool.
    http://www.eweek.com/article2/0,1895,1856939,00.asp
    EWeek :: September 8, 2005

  2. #2
    Banned
    Join Date
    Sep 2004
    Posts
    77
    Knowing that this upcoming patch is for a vulnerability which was detected by eEye 108 days ago.... and there are reports that M$ knew about it even 60 days before eEye posted it on their advisory section.

    So this patch was about five-to-six months overdue... This is a long patch cycle... because smarter hackers would have devised ways by now to exploit this hole....

    What about recent vulnerabilities posted on eEye's advisory section... users have no option other than to wait for another six months or so, till M$ provides patches for them....

  3. #3
    Senior Member hesperus
    Join Date
    Jan 2005
    Posts
    416
    Well, looks like they have delayed it a bit more because of stability concerns:

    http://www.microsoft.com/technet/sec...n/advance.mspx

  4. #4
    Banned
    Join Date
    May 2003
    Posts
    1,004
    "What about recent vulnerabilities posted on eEye's advisory section... users have no option other than to wait for another six months or so, till M$ provides patches for them...."

    All of those vulnerabilities fall into one of two classes...

    1. Weak default configuration.
    2. Requires physical access to the system.

    The first class is a big "So what?" Vendors provide security recommendations for a reason; fail to follow them at your own risk.
    The second class is also a big "So what?"... in an environment with the slightest concern for security, non-administrative users should only have access to dumb terminals... where it doesn't matter what kind of access you have.

    eEye makes one good product (Retina, which has had trouble recently); otherwise, their products (Iris, IIS Secure, and Blink most notably) are very blah, and to call their media team histrionic is like saying the Pacific Ocean is moist.

    cheers,

    catch
