- TalkBack 34 of 49:
- Next »
- « Previous
- Thread View
- Flat View
- The standard bad news for MS
-
``The first critical problem involves a vulnerability in the "Task Scheduler" stemming from an unchecked buffer, which is a program in memory that accepts data from external sources. An unchecked buffer is one that does not include commands to ensure that the data is valid.
Microsoft said that if a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs, deleting data, or creating new accounts with full privileges. Microsoft added that users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.''
i.e., the standard ``free'' functionality that comes with the MS platform. But see it in another, more positive light: it is a feature that allows DISTRIBUTED SYSTEMS MANAGEMENT. The problem is that is allows the WRONG people to carry out a the wrong management to one's valuable personal data.
``According to Symantec, in a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page used to exploit this vulnerability. An attacker also would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.''
And it is so hard these days to make someone click a link on the page he/she is currently visiting....
``Microsoft said the second critical update concerns vulnerabilities related to "HTML Help" and "showHelp." If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, the company said.''
So, you thought you could do sysadmin tasks AND read help at the same time? Wrong: this is a prohibited combination as per the `Trustworthy Computing Intitiative' spec (
)
``Microsoft said four other security updates rated as "important," the second-highest rating given by the company. The last security update was rated "moderate" in severity.''
What does it take to call a thread as `critical'? Does the PC need to start smoking first?
``Corporate VP Mike Nash announced the tool for Download.Ject during a speech at the Worldwide Partner Conference in Toronto. The company also said that it has reached its goal--ahead of schedule--to train half a million customers and partners on how best to secure their systems.''
Great, with the claimed 600,000,000 PCs available arounf the world, it would take around 1,200 days (3.28 full years) to train all these people, IF 1/2 million of them woulbd be trained PER DAY.
``Microsoft also noted that five times as many people are using Windows' automatic update feature as were signed up 10 months ago.'' 5 times WHAT?
Again, I CANNOT get over the fact that there can be s/w for which 10s or 100s of millions man-hours have been invested by a company with relatively limitless resources, but IT CANNOT BE CORRECTED!! This deserves a prominent place in the ``IT History of SHAME''....
How is it that organizations with minute resource vs those of MS, CAN produce s/w that behaves more securely and more efficiently and it can run on a LENGHTY array of different h/w platforms? We are living in interesting times....
OK: now download your 250MB BETA patch and contribute your share to pay the $ 200 Billion bill to clean up the MS global security chaos.
MS will be renembered as the company that managed to foll so many people for such a long time. AKA the era of Massive Masochism.
Enjoy ! -m - Posted by: michael-t Posted on: 07/13/04 You are currently: a Guest | Members login | Terms of Use
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- Trend Micro Email Encryption Trend Micro Take this tour of our Email Encryption demo, and learn: Why you ... Download Now
- Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
- ChangeAuditor for Exchange ScriptLogic Quest ChangeAuditor for Exchange proactively audits all activity, provides ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer >>
- Windows Server 2008 R2 Optimizes IT
-
See how you can optimize your IT department and save money, using Windows Server 2008 R2.
- Click to download >>
- Keep Up With The Latest In Document Management with The DocuMentor.
-
Doc delivers the scoop on today's enterprise content management, printer maintenance, and all other issues related to document management. It's the DocuMentor Blog.
- Learn more >>
SmartPlanet
- Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
- More from IBM
-
- How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
- Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
- Linking Decisions and Information for Organizational Performance Read the Tom Davenport study
