OT: Windows Update site

[NightSky 421]

I thought I would mention that when reading the Business section of the
Edmonton Sun newspaper this morning that Microsoft said they released eight
new critical updates for Windows XP yesterday. I thought I would mention it
here given the number of updates.

Well, so much for the tight security that was promised with the introduction
of Service Pack 2.

 

[Chris Pound]

I thought I would mention that when reading the Business section of the
Edmonton Sun newspaper this morning that Microsoft said they released eight
new critical updates for Windows XP yesterday. I thought I would mention it
here given the number of updates.

Well, so much for the tight security that was promised with the introduction
of Service Pack 2.

Linux get security patches on a regular basis too. New exploits are
always going to be found by some hacker.

 

[Stoneskin]

Chris Pound left a note on my windscreen which said:

Linux get security patches on a regular basis too. New exploits are
always going to be found by some hacker.

I like the fact that these updates are released reguarly and easy to get
hold of - both for Windows and Linux OSes.

My glass is half full

 

[Ben Pope]

I thought I would mention that when reading the Business section of
the Edmonton Sun newspaper this morning that Microsoft said they
released eight new critical updates for Windows XP yesterday. I
thought I would mention it here given the number of updates.

Well, so much for the tight security that was promised with the
introduction of Service Pack 2.

SP2 changed quite a lot of things - new improved firewall, better default
settings etc, they changed a lot of code and it is a lot tighter. They were
never going to find all the problems, the codebase for Windows must be
gigantic.

My guess is that the 8 updates are probably related somehow, I doubt they've
been saving them up.



Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx

Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution
(888113)
http://www.microsoft.com/technet/security/bulletin/MS05-015.mspx

Cumulative Security Update for Internet Explorer (867282) (Remote Code
Execution)
http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx

Vulnerability in the DHTML Editing Component ActiveX Control Could Allow
Remote Code Execution (891781)
http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx

Vulnerability in Server Message Block Could Allow Remote Code Execution
(885250)
http://www.microsoft.com/technet/security/bulletin/MS05-011.mspx

Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
http://www.microsoft.com/technet/security/bulletin/ms05-009.mspx

Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)
http://www.microsoft.com/technet/security/bulletin/MS05-008.mspx

I guess thay all look pretty similar.


These ones are different:
Vulnerability in Windows Could Allow Information Disclosure (888302)
http://www.microsoft.com/technet/security/bulletin/MS05-007.mspx

ASP.NET Path Validation Vulnerability (887219)
http://www.microsoft.com/technet/security/bulletin/ms05-004.mspx


There's also a Malicous Software Removal Tool, which is nice.

And a cumulative update to OE, that doesn't look security related.

Ben

 

[Michael W. Ryder]

SP2 changed quite a lot of things - new improved firewall, better default
settings etc, they changed a lot of code and it is a lot tighter. They were
never going to find all the problems, the codebase for Windows must be
gigantic.

My guess is that the 8 updates are probably related somehow, I doubt they've
been saving them up.

They do save them up. They only release the patches once a month now
instead of when they are ready.

 

[NightSky 421]

SP2 changed quite a lot of things - new improved firewall, better default
settings etc, they changed a lot of code and it is a lot tighter. They
were never going to find all the problems, the codebase for Windows must
be gigantic.

I guess that's true.

My guess is that the 8 updates are probably related somehow, I doubt
they've been saving them up.

I don't know if this is the best strategy for them to be using since it
means vulnerabilities aren't fixed right away, but at least it seems that
Microsoft has been making a genuine effort to improve security overall.

 

[Heckler]

I guess that's true.






I don't know if this is the best strategy for them to be using since it
means vulnerabilities aren't fixed right away, but at least it seems that
Microsoft has been making a genuine effort to improve security overall.

All it really means is that M$ are trying to create the illusion they
are trying to improve security. The only way to do that is to take out
half the junk in the OS that allows certain software to affect others.
FOr example having OE and IE interact in such a way that creates these
issues in the first place. If they would only have programs that acted
independently of each other and the OS you'd get rid of 75% of security
related issues.



H

 

[Ben Pope]

All it really means is that M$ are trying to create the illusion they
are trying to improve security. The only way to do that is to take out
half the junk in the OS that allows certain software to affect others.
FOr example having OE and IE interact in such a way that creates these
issues in the first place. If they would only have programs that acted
independently of each other and the OS you'd get rid of 75% of
security related issues.

Thats somwhat misguided. In fact, thats actually genius:

If you don't allow any software component access to any other software
component, you WILL get rid of much of the problems. Probably at a much
lower rate than that which you throw functionality away, however.

Just leave the machione switched off. Problem solved. Genius.

Ben