Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] [Rival] MSWord Vulnerable to Hijackers Despite Lots of (12) "Critical" Patches

  • Subject: [News] [Rival] MSWord Vulnerable to Hijackers Despite Lots of (12) "Critical" Patches
  • From: Roy Schestowitz <newsgroups@xxxxxxxxxxxxxxx>
  • Date: Sun, 23 Mar 2008 16:57:00 +0000
  • Newsgroups: comp.os.linux.advocacy
  • Organization: Freelance
  • User-agent: KNode/0.10.4
Microsoft Warns of New Attack on Word

,----[ Quote ]
| Microsoft on Friday warned that cyber criminals may be taking advantage of an 
| unpatched flaw in the Windows operating system to install malicious software 
| on a victim's PC.  
`----

http://www.pcworld.com/article/id,143749-pg,1/article.html

Microsoft Reissues Security Patch for Excel 2003

,----[ Quote ]
| The initial patch fixed Excel 2003's security problem, but unmasked the 
| calculation problem too. 
`----

http://www.adtmag.com/article.aspx?id=22301

Get Owned or get your maths wrong. Your choice. 


Earlier this month:

Microsoft fixes a dozen Office flaws in four patches; all are critical

,----[ Quote ]
| Microsoft today released its March 2008 security bulletin, which includes 
| four bulletins, all deemed critical by Microsoft. 
`----

http://www.news.com/8301-10789_3-9891047-57.html?part=rss&subj=news&tag=2547-1_3-0-20


Recent:

Vista SP1 will contain undocumented fixes

,----[ Quote ]
| Interesting email in today mailbag:  “Will SP1 contain undisclosed or 
| undocumented security fixes?” 
| 
| For some people, counting the number of security flaws that one OS has 
| compared to another is important because it offers a metric upon which to  
| determine which OS is the most secure (personally, I feel that it’s a bogus 
| metric, but I’ll let it slide for now).  However, many claim that Microsoft 
| stacks the deck in its favor by not disclosing a full list of vulnerabilities 
| that have been patched by omitting to include those discovered and patched 
| in-house.      
`----

http://blogs.zdnet.com/hardware/?p=1225


Related:

http://antitrust.slated.org/www.iowaconsumercase.org/011607/3000/PX03096.pdf


Critical Vulnerability in Microsoft Metrics

,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the 
| vulnerabilities that are found through the QA process and the vulnerabilities 
| that are found by the security folks they engage as contractors to perform 
| penetration testing are fixed in service packs and major updates. For 
| Microsoft this makes sense because these fixes get the benefit of a full test 
| pass which is much more robust for a service pack or major release than it is 
| for a security update.      
`----

http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/


Skeletons in Microsoft’s Patch Day closet

,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently 
| fixing vulnerabilities in its bulletins — a controversial practice that 
| effectively reduces the number of publicly documented bug fixes (for those 
| keeping count) and affects patch management/deployment decisions.   
`----

http://blogs.zdnet.com/security/?p=316


Beware of undisclosed Microsoft patches

,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts 
| that Microsoft brass use to compare its security record with those 
| of its competitors. What do you think of Redmond’s silent patching 
| practice?
`----

http://blogs.zdnet.com/microsoft/?p=527


Microsoft is Counting Bugs Again

,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a 
| good accounting.
| 
| [...]
| 
| The point: Don't count on security flaw counting. The real flaw is 
| the counting.
`----

http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index