20 new Windows Vulnerabilities - UPDATE NOW!

tibor

20 new vulnerabilities, including several remotely exploitable.

Hit WindowsUpdate.com now!

For vulnerability details, see:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
http://www.microsoft.com/technet/security/bulletin/MS04-012.mspx
http://www.microsoft.com/technet/security/bulletin/MS04-013.mspx
http://www.microsoft.com/technet/security/bulletin/MS04-014.mspx

Mac daddy

It think it is time to remove MS of the box that i have at home now.... and throw a linux on it...

po0k

www.debian.org

zAbbo

I done a quick update and it picked out 3 for me, Windows XPsp1, updated every month or so.

Mutant_Fruit

out of interest... how compatible is linux with games? I'm not one of those freaks who absolutley have to get 200FPS when playing counter-strike, so long as i get a solid FPS over 40 i'm happy.

Is that possible on linux?

Each update probably covers a few critical holes i'd say. 5 critical updates for me

daveyjoe

If I could download the bloody updates without UTV reseting the connection to server every 3 minutes, bloody clicksilver.

My feelings on the vulnerabilities... I am quite pleased that there are 20 new vulnerabilities that are patched by Microsoft. Remember Microsoft have hired some of the best hackers to search for vulnerabilities. I'm sure if hackers were paid to find vulnerabilities in Linux, they would. At least MS are looking for the vulnerabilities and instead of ignoring them, they are fixing them. As long as you update Windows regularly and you don't open dodgy attachments that claims to be 'a cool screensaver', then Windows is pretty safe.

My two cents anyway, if only I could download the bloody things.

Nick_oliveri

Speaking security wise

Linux=Tank
Windows=W@nk

daveyjoe

Originally posted by Nick_oliveri
Speaking security wise

Linux=Tank
Windows=W@nk

True, but it's also true to say that Linux hasn't been probed for vulnerabilities as much as windows. Windows is at a disadvantage from the outset, because it is a more likely target for two reason's:

1. It has a much bigger user base.

2. Generally the users of Windows are less knowledgeable about computers than linux users.

It's encouraging that Microsoft are trying to find holes in their OS, instead of just hoping that nobody else will.

Dun

Yeah, but how many linux servers are there out there? I imagine that hackers are more interested in hacking those than Mary Murphy's home pc. This thread had some interesting points on the first page about what does make linux better in the security department (rather than just saying it is).

iisollie

For those who believe Linux is invulnerable see
http://www.debian.org/News/2003/20031121

November 21st, 2003
This is a very unfortunate incident to report about. Some Debian servers were found to have been compromised in the last 24 hours.

Emboss

Originally posted by iisollie
For those who believe Linux is invulnerable see
http://www.debian.org/News/2003/20031121

iisollie,

You're an absolute fountain of security related information.

Thanks for that. :rolleyes:

po0k

Originally posted by Mutant_Fruit
out of interest... how compatible is linux with games? I'm not one of those freaks who absolutley have to get 200FPS when playing counter-strike, so long as i get a solid FPS over 40 i'm happy.

Is that possible on linux?

Yes.
www.winhq.com
www.transgaming.com
There are also several big-name linux ports of games aswell.
Quake series and Unreal2K3/2K4.
HL works too afaik.
It can be a little bit of work to get WineX working unless you pay for it, but the Wine crowd are working on the DirectX side of things aswell, so we should see some nice developments there soon.

Each update probably covers a few critical holes i'd say. 5 critical updates for me

yeah
MS PR trying to make it look like less, though why they didn't just roll all the "critical" patches together is a bit of a mystery.

Anyways, here's the MRTG stats from the Akamai mirror in NUIG (from which the universities, ITs and alot of companies and joe spud's were downloading the patches yesterday).
The link had to be bumped up to 100MBit to cope because many people (DCU) were finding it nigh-on impossible to get them due to the demand.

iisollie

Emboss,

You're an absolute fountain of security related information

I take it from your sarcasm you 'd prefer if nobody mentioned this

ollie

kaimera

only 5 critical updates for me.

as regards MS Windows being insecure...as was said, biggest user database/more coverage....and a LOT of anti-MS feelings tends to add to it being attacked and vulnerabilities being exploited.

Somebody said to me there isn't a single virus/trojan/hack for Macs. is this true?

tricky D

It's encouraging that Microsoft are trying to find holes in their OS, instead of just hoping that nobody else will.

It is disturbing that they take months to do this while the info on so many of the vulnerabilities is already detailed in the wild. Their speed of response is a common complaint pen-test, vulnerabilites etc mailing lists/forums.

Big Chief

i agree with everything daveyjoe said...

linux is all fair and well, but why try to hack ppl who obviously know about computers when you can go for the non tech dummy through windows..

windows is also more user friendly i thought when concerning new ppl to computers hence why it has such a massive lead over any other os.. the biggest os by far is always going to be getting most hit by security vulnerabilities, it just makes sense that way..

(i pretty much just re-itterated what davey joe said i think )

Emboss

Originally posted by iisollie
Emboss,



I take it from your sarcasm you 'd prefer if nobody mentioned this

ollie

I fail to see what debian machines getting comprimised in november of last year has _anything_ to do with the topic.

No one said any linux distro was "invulnerable" as you put it.

Why would I care if you brought something to light that was 8 months old?
You think the linux community try's to hide these issues?

It makes no difference to me at all that someone mentions it, I'm not a linux user.

But if you are going to post a link at least back it up with something.

So should we all stop using OSS becuase of this?

po0k

Originally posted by Kaimera
only 5 critical updates for me.

the patches fix more than one thing at a time.

Somebody said to me there isn't a single virus/trojan/hack for Macs. is this true?

For MacOS9 and earlier, probably very few major ones, simply because relatively few people used the things
With OSX, BSD-type exploits could be found, especially with 1U Xserves at their current price/performance...

RE OSS security.
It's secure because it's open, there is a certain ego/critique of your work/peer-review thing in patching holes as soon as their found, and because the code is in the public domain, it's subjected to far more rigourous testing than any company could reasonably expect to be economically viable to perform on their closed-source products.
It's the nature of the beast.
There are damn all virusii for UNIX-type OSes, because of the way user accounts and permissions are handled.
There are exploits, but, as outlined above, they are generally fixed very fast.

If you want to know how software is and was always supposed to written and used, look here:
The Birthplace Of Modern Computing

Gerry

There is a current trend towards giving OSS pointy-clicky programs more privileges, and to try and reduce the need for root access to a machine. This can bring with it the possibility of more exploits. The difference with OSS is that such possibilities are acknowledged, and normally the option will be given to install the program without the bigger potential security loopholes. The incentive to attack *nix desktop machines will grow with their popularity, but I'd say most of the growth will be in propagating worms more effectively, rather than windows style viruses, which normally rely on the user to open attachments or whatever.

TCP/IP

Anybody that thinks that Linux is much better security wise then Windows should get there head read. Well it would take me an average of about 1-2 min to hack a Windows machine and basically the same time for a Linux box. I am a big fan of the concept of Linux and free software but the problem is it is basically sh1t unless you are using it as a web server or the likes.

Emboss

Originally posted by TCP/IP
Anybody that thinks that Linux is much better security wise then Windows should get there head read. Well it would take me an average of about 1-2 min to hack a Windows machine and basically the same time for a Linux box. I am a big fan of the concept of Linux and free software but the problem is it is basically sh1t unless you are using it as a web server or the likes.

Ok, so how is windows better security wise...

lets hear your research.

TCP/IP

i am certainly not saying that windows is better security i am saying that basically Linux is equally as bad thats all