
[News] The Dangers of Relying on Proprietary Software Vendors

Customers lose when vendors refuse to patch

,----[ Quote ]
| This is pre-Blaster thinking. In August 2003, when the MS-Blaster
| worm was first detected, most corporate defenders initially relaxed
| because the port affected (RPC TCP port 135) was not typically
| reachable over the Internet because of blocking network perimeter
| firewalls. Microsoft had a month-old patch out that closed the
| vulnerability, but hardly anybody was rushing to install it. "The
| firewall will protect us," we all thought.
| 
| Then the center of the network became exposed. VPN users from
| home got infected and spread the worm through remote connections
| that bypassed normal firewall rules. Unprotected laptops got
| infected on the road and came home to roost when plugged back
| into the corporate LAN. Extranet business partner networks got
| infected; CEOs got infected picking up non-corporate HTML
| e-mail; and vulnerable consultant computers plugged into the network.
| 
| The number of MS-Blaster infections on Days 1 and 2 wasn't bad,
| but by Day 3, every unpatched corporate computer was infected and
| rebooting over and over again. Computing literally came to a
| standstill that week for many enterprises; it was impossible to
| install a new Windows PC and patch it before it was exploited.
| It took some companies months to fully eradicate MS-Blaster. 
`----

http://www.infoworld.com/article/07/01/12/03OPsecadvise_1.html

A classic example of the benefits of Open Source software.


Related:

Microsoft leaves Word zero-day holes unpatched

,----[ Quote ]
| Microsoft on Tuesday released fixes for vulnerabilities in its
| Windows and Office software, but left several known Word
| zero-day flaws without a patch.
`----

http://news.zdnet.com/2100-1009_22-6148687.html


Microsoft's Achilles' Heel: Office

,----[ Quote ]
| To put last year's 41 critical Office patches into perspective,
| consider that Microsoft shipped a total of 37 critical updates for
| all of its software products in 2005. None of the patch or
| vulnerability numbers cited in this story takes into account
| three still-unpatched vulnerabilities present in Microsoft Word,
| two of which Microsoft has acknowledged that criminals are
| actively exploiting.
`----

http://blog.washingtonpost.com/securityfix/2007/01/microsofts_achilles_heel_offic_1.html#more


Third exploit for Word released

,----[ Quote ]
| Hackers have released attack code that exploits a critical vulnerability
| in Microsoft's Word software -- the third such bug to be disclosed in
| the past week.
`----

http://www.it-networks.org/Security/121.html


Triple threat targets Word users

,----[ Quote ]
| Users of Microsoft Word are being urged to be careful as malicious
| hackers target the word processing software.
| 
| Three unpatched bugs in Word have been uncovered in the last few
| weeks and two are already being exploited by attackers. 
`----

http://news.bbc.co.uk/1/hi/technology/6196213.stm


Microsoft : Arrogance leads to Vulnerability

,----[ Quote ]
| Chatting with the Microsoft senior sales people, I was struck by
| their incredible arrogance. They know the company's products are good,
| but they have no qualms whatsoever about charging top dollar as a
| result.
| 
| It reminds us how Microsoft used to behave when it comes to their
| products' security records. IE5 and 6 were nothing short of being
| proper Swiss Cheese with loads of holes in them but hey, they had 95%
| of the browser market at that time and couldn't care less.
`----

http://securityblog.itproportal.com/?p=514
