[News] More "Critical" Security Flaws in Windows Vista (Among Many More) - Linux


Thread: [News] More "Critical" Security Flaws in Windows Vista (Among Many More)

  1. [News] More "Critical" Security Flaws in Windows Vista (Among Many More)

    Microsoft says 'Merry Christmas' with seven security fixes

    ,----[ Quote ]
    | The critical issues relate to all currently supported versions of Windows,
    | including Vista, and to DirectX, Internet Explorer and the Windows Media
    | Format Runtime.
    `----

    http://www.itwire.com/content/view/15687/1054/

    More Vista flaws below (some "critical", which is the highest level of severity
    in this context). Let us shatter the myth (lie) that Vista is ultra secure.

    Software maker releases the hounds on security vuln reporter

    ,----[ Quote ]
    | Legal attack dogs for enterprise search provider Autonomy have threatened
    | action against Secunia after the vulnerability publisher asked for
    | information relating to a serious bug in an Autonomy product.
    `----

    http://www.channelregister.co.uk/200...cunia_dust_up/


    Related and recent:

    Security hole in MS-Windows Vista on Thanksgiving

    ,----[ Quote ]
    | Microsoft, although late, but did acknowledge that it is a flaw even in the
    | latest OS (Vista) which should have been fixed long back.
    `----

    http://technology.millionface.com/20...-thanksgiving/
    http://tinyurl.com/32uq44


    Thirty-Six Updates Later—and Counting

    ,----[ Quote ]
    | Over the Thanksgiving holiday, I refreshed one of my Windows Vista test
    | machines. Oh my, there were so many Windows Updates.
    `----

    http://www.microsoft-watch.com/conte...129TX1K0000535
    http://tinyurl.com/355uqw


    Related:

    Vista security threats to rise in 2008: McAfee

    ,----[ Quote ]
    | Microsoft’s Windows Vista operating system will face increasing security
    | threats, according to McAfee Avert Labs predictions for top 10 security
    | threats in 2008.
    `----

    http://www.business-standard.com/com...Left=0&chkFlg=


    Microsoft issues 6 'critical' patches

    ,----[ Quote ]
    | The updates affect many versions of Windows, Server and Office software --
    | including Windows XP and Windows Vista -- and are meant to prevent hackers
    | from breaking into Web surfers' computers using specially crafted Web pages.
    `----

    http://news.yahoo.com/s/ap/20070814/...osoft_security


    Buffer the Overflow Slayer v. the ActiveX Files

    ,----[ Quote ]
    | The vulnerability was discovered by Krystian Kloskowski and is rated "highly
    | critical" in this posting on Secunia. It's also discussed here on the US-Cert
    | website. Proof-of-concept code can be found on MilW0rm here.
    `----

    http://www.theregister.co.uk/2007/08...ads_vuln_love/


    Microsoft plans six critical patches

    ,----[ Quote ]
    | At least one of the critical vulnerabilities involves Internet Explorer 7 and
    | Windows Vista, both of which were conceived under new and highly vaunted
    | ^^^^^^^^^^^^^
    | development rigors designed to produce more secure products.
    `----

    http://www.theregister.co.uk/2007/08...patch_tuesday/


    Patch Tuesday: Critical IE, Vista patches on deck

    ,----[ Quote ]
    | Of the four criticals, two will include high-severity patches for
    | Windows Vista. The bulletin rated "moderate" only affects Vista.
    `----

    http://blogs.zdnet.com/security/?p=273


    June Patch Tuesday to deliver Vista fixes and more

    ,----[ Quote ]
    | Four of this month's bulletins are labelled 'critical' and
    | relate to vulnerabilities that may allow remote code execution.
    `----

    http://www.itwire.com.au/content/view/12751/


    Microsoft Plugs Critical Vista Hole

    ,----[ Quote ]
    | Microsoft has just patched another critical hole in Vista that it
    | knew about as long ago as last Christmas. The delay was similar
    | to its lag in patching the serious (and heavily targeted)
    | animated-cursor flaw I told you about last month.
    `----

    http://www.pcworld.com/article/id,132082/article.html


    Microsoft Patches Not One, But Three Vista Holes

    ,----[ Quote ]
    | Microsoft today released an update for the recently popular 'animated
    | cursor' vulnerability. The update was originally scheduled for April
    | 10th, but due to recent exploits, was rushed out today. The update
    | wasn't just for this one vulnerability though, in Vista, it addressed two
    | others, and in all covered seven vulnerabilities in Vista, XP and
    | 2000.
    `----

    http://itsvista.com/2007/04/microsof...e-vista-holes/


    Windows Vista's Built-in Rootkit

    ,----[ Quote ]
    | This poor implementation of the permissions structure can be exploited
    | by malware to make files that are undetectable to Anti-Virus products.
    `----

    http://www.jmcardle.com/blog/?p=361


    More Windows cursor patch trouble

    ,----[ Quote ]
    | A new issue with the fix has also come up. Some customers have
    | experienced trouble when printing from SQL Reporting Services to
    | a Printer Command Language (PCL) printer, Microsoft said.
    `----

    http://news.com.com/8301-10784_3-971...=2547-1_3-0-20
    http://tinyurl.com/3xrm4k


    Windows cursor patch causing trouble

    ,----[ Quote ]
    | Installing Microsoft's Tuesday patch for a "critical" Windows
    | vulnerability is causing trouble for some users.
    `----

    http://news.com.com/Windows+cursor+p...3-6173413.html


    MS Patch Tuesday: Vista dinged again

    ,----[ Quote ]
    | For the second time this month, Microsoft has shipped a security
    | bulletin with patches for a "critical" Vista vulnerability that
    | puts millions of users at risk of code execution attacks.
    `----

    http://blogs.zdnet.com/security/?p=161


    Security Researchers Say Windows .ANI Problem Surfaced Two Years Ago

    ,----[ Quote ]
    | Security researchers say the Windows .ANI bug that has been plaguing
    | users for the past week first surfaced -- and was patched --
    | in early 2005.
    `----

    http://www.informationweek.com/news/...leID=198800828


    Week in review: Cursing Windows' cursor flaw

    ,----[ Quote ]
    | The software giant broke with its monthly patch cycle to fix a bug
    | that cybercrooks had been using since last week to attack Windows
    | PCs, including those running Vista.
    `----

    http://news.com.com/2100-1083_3-6173...0-20&subj=news


    ANI takers for Asus website virus?

    ,----[ Quote ]
    | Asus.com.tw, the website of Taiwanese motherboard maker Asustek,
    | has been spraying visitors with the .ANI virus, security software
    | makers confirmed today.
    `----

    http://www.theregister.co.uk/2007/04...bsite_viruses/


    Cursor hackers target WoW players

    ,----[ Quote ]
    | World of Warcraft players are being targeted by hackers exploiting
    | flaws in how Windows handles animated cursors.
    `----

    http://news.bbc.co.uk/1/hi/technology/6526851.stm


    Will Next Tuesday's 3 Updates Effect Vista?

    ,----[ Quote ]
    | I would suspect that one will be a patch for the Windows MessageBox
    | exploit, so Vista should get it. Might another be for the Vista
    | 'Timer/2099 Crack'? I wouldn't consider it critical, but
    | Microsoft probably does.
    `----

    http://itsvista.com/2007/01/will-nex...-effect-vista/


    Windows Vista now has its first exploit spotted in the public

    ,----[ Quote ]
    | Security experts have confirmed that a proof of concept code for an
    | unpatched vulnerability in Windows Vista has been released on
    | the internet.
    `----

    http://www.it-networks.org/?news=172


    Windows Vista: It's More Secure, We Promise

    ,----[ Quote ]
    | Well, allow me to take a moment to remind everyone of something that
    | you might not remember - XP was also touted as being ultra secure.
    | Seriously, can anyone honestly look themselves in the mirror and say
    | this is the gospel truth? You have got to be kidding me. Similar to
    | XP, Microsoft promises to have the most secure Windows version to date
    | yet again.
    `----

    http://www.osweekly.com/index.php?op...357&Itemid=449


    Old:

    Cisco exec: Windows Vista is scary

    ,----[ Quote ]
    | "Parts of Vista scare me," Gleichauf said at the Gartner Security Summit
    | here on Monday. "Anything with that level of systems complexity will have
    | new threats, as well as bringing new solutions. It's always a struggle
    | in security, trying to build for what you don't know."
    `----

    http://news.zdnet.com/2100-1009_22-6116823.html


    Symantec Finds Flaws In Vista's Network Stack

    ,----[ Quote ]
    | Researchers with Symantec's advanced threat team poked through
    | Vista's new network stack in several recent builds of the
    | still-under-construction operating system, and found several bugs
    | -- some of which have been fixed, including a few in Monday's
    | release -- as well as broader evidence that the rewrite of the
    | networking code could easily lead to problems.
    |
    | [...]
    |
    | Among Newsham's and Hoagland's conclusions: "The amount of new
    | code present in Windows Vista provides many opportunities for
    | new defects."
    |
    | "It's true that some of the things we found were 'low-hanging
    | fruit,' and that some are getting fixed in later builds,"
    | said Friedrichs. "But that begs the question of what else
    | is in there?"
    `----

    http://www.techweb.com/wire/security...id=MWLALDT21M1

  2. Re: [News] More "Critical" Security Flaws in Windows Vista (Among Many More)

    On 2007-12-07, Roy Schestowitz claimed:
    > Microsoft says 'Merry Christmas' with seven security fixes
    >
    > ,----[ Quote ]
    >| The critical issues relate to all currently supported versions of Windows,
    >| including Vista, and to DirectX, Internet Explorer and the Windows Media
    >| Format Runtime.
    > `----
    >
    > http://www.itwire.com/content/view/15687/1054/
    >
    > More Vista flaws below (some "critical", which is the highest level of severity
    > in this context). Let us shatter the myth (lie) that Vista is ultra secure.


    Hey, it's not like this really affects anybody. Nobody uses it. So bad
    people are wasting their time.

    --
    Lady who live in glass house, dress in basement!

  3. Re: [News] More "Critical" Security Flaws in Windows Vista (Among Many More)

    ____/ Sinister Midget on Friday 07 December 2007 17:17 : \____

    > On 2007-12-07, Roy Schestowitz claimed:
    >> Microsoft says 'Merry Christmas' with seven security fixes
    >>
    >> ,----[ Quote ]
    >>| The critical issues relate to all currently supported versions of Windows,
    >>| including Vista, and to DirectX, Internet Explorer and the Windows Media
    >>| Format Runtime.
    >> `----
    >>
    >> http://www.itwire.com/content/view/15687/1054/
    >>
    >> More Vista flaws below (some "critical", which is the highest level of
    >> severity in this context). Let us shatter the myth (lie) that Vista is ultra
    >> secure.

    >
    > Hey, it's not like this really affects anybody. Nobody uses it. So bad
    > people are wasting their time.


    A recent article in a British news site said that only about 2% of all
    businesses will have migrated to Vista by the end of this year (~13 months
    after RTM phase).

    $Troll says: "Windows flaws are found just because it's widely used on the
    desktop".

    Evidence suggests otherwise.

    --
    ~~ Best of wishes

    Roy S. Schestowitz | "Nothing to see in this sig, please move along"
    http://Schestowitz.com | Open Prospects | PGP-Key: 0x74572E8E
    Tasks: 109 total, 1 running, 108 sleeping, 0 stopped, 0 zombie
    http://iuron.com - knowledge engine, not a search engine

  4. Re: [News] More "Critical" Security Flaws in Windows Vista (Among Many More)

    On 2007-12-07, Roy Schestowitz claimed:
    > ____/ Sinister Midget on Friday 07 December 2007 17:17 : \____
    >
    >> On 2007-12-07, Roy Schestowitz claimed:
    >>> Microsoft says 'Merry Christmas' with seven security fixes
    >>>
    >>> ,----[ Quote ]
    >>>| The critical issues relate to all currently supported versions of Windows,
    >>>| including Vista, and to DirectX, Internet Explorer and the Windows Media
    >>>| Format Runtime.
    >>> `----
    >>>
    >>> http://www.itwire.com/content/view/15687/1054/
    >>>
    >>> More Vista flaws below (some "critical", which is the highest level of
    >>> severity in this context). Let us shatter the myth (lie) that Vista is ultra
    >>> secure.

    >>
    >> Hey, it's not like this really affects anybody. Nobody uses it. So bad
    >> people are wasting their time.

    >
    > A recent article in a British news site said that only about 2% of all
    > businesses will have migrated to Vista by the end of this year (~13 months
    > after RTM phase).
    >
    > $Troll says: "Windows flaws are found just because it's widely used on the
    > desktop".
    >
    > Evidence suggests otherwise.


    In this case, obviously, it has little to do with how many are using it
    because so few do. So it has to be something else.

    The only "something else" that comes to my mind is the one that many of
    us have been saying all along: Windwoes gets trashed by bad people
    because it's so easy to trash it. It's so easy that even people who
    aren't really bad can do it in a matter of minutes.

    I forget which virus it was, but I recall one that caused some damage
    and the anti-virus companies came up with a detection mechanism to stop
    it. But in the case of this virus, some kid in Minnesota did a minor
    niggle to what already existed and it started trashing machines again.
    The details were sketchy. But from what I read the only thing the clown
    really did was change something that made his name or moniker show up
    in the signature, probably with a hex editor or something simple to
    use.

    The moral is, Winders is so easy to write malware for that really
    stupid people can do it without having to actually write anything.

    Fisted is no different. Stupid people are beginning to attack it, not
    because it's gaining popularity, but because it's easy and so few are
    doing it.

    --
    You will cease issuing ultimatums, or else.

  5. Re: [News] More "Critical" Security Flaws in Windows Vista (Among Many More)

    ____/ Sinister Midget on Friday 07 December 2007 20:22 : \____

    > On 2007-12-07, Roy Schestowitz claimed:
    >> ____/ Sinister Midget on Friday 07 December 2007 17:17 : \____
    >>
    >>> On 2007-12-07, Roy Schestowitz claimed:
    >>>> Microsoft says 'Merry Christmas' with seven security fixes
    >>>>
    >>>> ,----[ Quote ]
    >>>>| The critical issues relate to all currently supported versions of
    >>>>| Windows, including Vista, and to DirectX, Internet Explorer and the
    >>>>| Windows Media Format Runtime.
    >>>> `----
    >>>>
    >>>> http://www.itwire.com/content/view/15687/1054/
    >>>>
    >>>> More Vista flaws below (some "critical", which is the highest level of
    >>>> severity in this context). Let us shatter the myth (lie) that Vista is
    >>>> ultra secure.
    >>>
    >>> Hey, it's not like this really affects anybody. Nobody uses it. So bad
    >>> people are wasting their time.

    >>
    >> A recent article in a British news site said that only about 2% of all
    >> businesses will have migrated to Vista by the end of this year (~13 months
    >> after RTM phase).
    >>
    >> $Troll says: "Windows flaws are found just because it's widely used on the
    >> desktop".
    >>
    >> Evidence suggests otherwise.

    >
    > In this case, obviously, it has little to do with how many are using it
    > because so few do. So it has to be something else.
    >
    > The only "something else" that comes to my mind is the one that many of
    > us have been saying all along: Windwoes gets trashed by bad people
    > because it's so easy to trash it. It's so easy that even people who
    > aren't really bad can do it in a matter of minutes.



    The Structural Failures of Windows

    http://www.theinquirer.net/default.aspx?article=15305

    Microsoft Windows: Insecure by Design

    http://www.washingtonpost.com/ac2/wp...nguage=printer

    They've considered Singularity, but it's a research project. Vista (Longhorn)
    suffered a "development collapse"/"reboot" (in Microsoft's /own/ words), so
    it's somewhat of a rebranded Windows XP with many of the same flaws and some
    pseudo-security bolted on (UAC nags, among other things).

    Should Microsoft take another look at Xenix? Should it move to
    services/advertising for revenue? The console biz has thus far lost many
    billion and brought almost nothing in return (the financial department seems
    to be cooking the books and merging divisions to hide losses). Office is in
    great danger also because it fails to evolve with the Web's maturity.
    Meanwhile, Microsoft resorts to corruption and 'raping' of ISO, which had a
    major person retire and rant about Microsoft a few days ago. This hurts
    Microsoft's image like hell and ODF appears to be winning regardless (many
    countries have already adopted it, along with other office suites). Seattle
    P-I reports about Microsoft's cash piles, which appear to have halved in the
    past couple of years. People haven't really bought a new O/S or office suite
    since 2002/3, unless they bought a new PC. What does Microsoft feed on?


    > I forget which virus it was, but I recall one that caused some damage
    > and the anti-virus companies came up with a detection mechanism to stop
    > it. But in the case of this virus, some kid in Minnesota did a minor
    > niggle to what already existed and it started trashing machines again.
    > The details were sketchy. But from what I read the only thing the clown
    > really did was change something that made his name or moniker show up
    > in the signature, probably with a hex editor or something simple to
    > use.


    Virus paranoia is commonplace, so when something goes wrong (e.g. program bugs,
    random reboots, data loss), an outside intervention is often assumed. Earlier
    today the BBC published an article about a Web host that forced all customers
    to change password and even locked some of them out. Why? From what I can
    gather, many of these companies have zombie PCs. 25%-50% of all Windows PCs
    are apparently compromised (see below), but the authorities keep quiet about
    it so as not to incite panic. So, people's passwords got stolen and the host had
    its servers hijacked endlessly. That's how sad things have become
    and /everyone/ pays for the hassle.


    ___
    "A little over a year ago, I wrote an editorial where in back-of-the-envelope
    style (.pdf) I estimated that perhaps 15-30% of all privately owned computers
    were no longer under the sole control of their owner. In the intervening
    months, I received a certain amount of hate mail but in those intervening
    months Vint Cerf guessed 20-40%, Microsoft said 2/3rds, and IDC suggested
    3/4ths. It is thus a conservative risk position to assume that any random
    counterparty stands a fair chance of being already compromised."

    http://blogs.zdnet.com/security/?p=661

    "The report also reveals that more than 50% of corporate desktop worldwide are
    infected with some type of spyware with the rate of infection as high as 70%
    in the United States."

    http://www.crn-india.com/breakingnew...ies/66870.html


    "Cerf estimated that between 100 million and 150 million of the 600 million PCs
    on the internet are under the control of hackers, the BBC reports."

    http://www.theregister.co.uk/2007/01/26/botnet_threat/

    > The moral is, Winders is so easy to write malware for that really
    > stupid people can do it without having to actually write anything.
    >
    > Fisted is no different. Stupid people are beginning to attack it, not
    > because it's gaining popularity, but because it's easy and so few are
    > doing it.


    Many XP viruses are compatible with Vista (security vendors have said so for
    over a year, even before the Vista build was finalised). So, while Vista is
    incompatible with many real programs, botnets will have little or no trouble
    adjusting. Be prepared for seeing a /minority/ of users actually controlling
    their /own/ PCs, unless they wake up and ditch Windows.

    It is rather funny to find that the FBI is now going after botmasters rather
    than actually address the problems that they exploit. It's like trying to
    protect a cardboard stronghold using many guards instead of just building
    proper walls (with something other than cardboard).

    --
    ~~ Best of wishes

    Roy S. Schestowitz | "Computers are useless. They only solve problems"
    http://Schestowitz.com | Open Prospects | PGP-Key: 0x74572E8E
    Tasks: 128 total, 1 running, 127 sleeping, 0 stopped, 0 zombie
    http://iuron.com - knowledge engine, not a search engine
