-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Rivals: Low share led to drop of OneCare
,----[ Quote ]
| In a statement, Rowan Trollope, the senior vice president of consumer
| business at Symantec said:
|
| We view this announcement as a capitulation by Microsoft, and a
| reinforcement of the notion that it's simply not in Microsoft's DNA to
| provide high-quality, frequently updated security protection.
`----
http://blog.seattlepi.nwsource.com/microsoft/archives/154889.asp
AVG Sees Uphill Battle for Microsoft in Its Launch of Free Anti-Virus Software
,----[ Quote ]
| Microsoft will also likely contend with a severe backlash from dissatisfied
| channel partners, whose margins and unit sales will be negatively impacted as
| a result of the free product offering, AVG believes.
`----
http://www.marketwatch.com/news/story/AVG-Sees-Uphill-Battle-Microsoft/story.aspx?guid=%7B8BC1C9BA-4BAD-407F-B6AE-D3E19C15A043%7D
http://tinyurl.com/6d5n48
Microsoft's Morro Incites Mixed Feelings From Competition
,----[ Quote ]
| Microsoft's Morro, its new free antimalware software scheduled to be released
| next year, will probably not be a threat in the long run, major security
| companies say.
`----
http://www.crn.com/security/212101495
Recent:
Gaining System-Level Access To Vista
,----[ Quote ]
| This video shows a method by which a user can use a Linux distro called
| BackTrack to gain system access to Windows Vista without logging into Windows
| or knowing the username or password for any accounts. To accomplish this, the
| user renames cmd.exe to Utilman.exe — this is the program that brings up the
| Accessibility options for users without sight or with limited vision. The
| attack takes advantage of the fact that the Utility Manager can be invoked
| before the user logs into the system. The user gains System access, which is
| a level higher than Administrator. The person who discovered this security
| hole claims that XP, 2000, 2003 and NT are not vulnerable to it; only Windows
| Vista is.
`----
http://tech.slashdot.org/article.pl?sid=08/05/26/0257213
How Microsoft missed the boat on zero-day threats
,----[ Quote ]
| On Jan. 15, 2002, Microsoft Corp. Chairman Bill Gates issued a jaw-dropping
| memo with the subject line "Trustworthy Computing." To stem rising hacker
| attacks, Gates ordered all Windows development halted and directed his
| company's full attention to shoring up security.
`----
http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=315273&taxonomyId=17&intsrc=kc_feat
Vista Called as Vulnerable as Predecessors
,----[ Quote ]
| It looks as if Vista's reputation for improved security could be heading for
| the pages of history. PC Tools has renewed last week's attack on the platform
| with new figures that appear to back up its claim that Vista is almost as
| vulnerable as its predecessors.
`----
http://www.pcworld.com/businesscenter/article/146281/vista_called_as_vulnerable_as_predecessors.html
Vista security credentials tarnished in malware survey
,----[ Quote ]
| "[Vista]has been hailed by Microsoft as the most secure version of Windows to
| date. However, recent research conducted with statistics from over 1.4
| million computers within the ThreatFire community has shown that Windows
| Vista is more susceptible to malware than the eight year old Windows 2000
| operating system, and only 37 per cent more secure than Windows XP," said
| Simon Clausen, chief exec at PC Tools.
`----
http://www.theregister.co.uk/2008/05/09/win_malware_survey/
Vista as Insecure as Windows 2000
http://www.pcworld.com/businesscenter/article/145681/vista_as_insecure_as_windows_2000.html
February bringing bumper Microsoft patch crop
,----[ Quote ]
| The seven items with a maximum security rating of critical all involve
| potential remote code execution. Affected software includes Windows, Office,
| Visual Basic, and Internet Explorer.
|
| There will be at least one critical update for all currently supported
| versions of Windows, including Vista.
`----
http://www.itwire.com/content/view/16531/1054/
2008 kicks off with critical Vista/XP patch
,----[ Quote ]
| Microsoft's first set of security bulletins for 2008 may be slim, but will
| include a fix for a critical vulnerability in XP and Vista.
`----
http://www.itwire.com/content/view/15956/53/
Windows Vista Has Another New Critical Vulnerability
,----[ Quote ]
| One of the updates is considered critical for Windows Vista and XP users
| because the flaw it fixes could be used by attackers to install unauthorized
| software on a victim's computer.
`----
http://www.infoworld.com/article/08/01/03/Microsoft-prepares-two-Windows-security-updates_1.html
http://tinyurl.com/2ls6x4
Related:
Critical Vulnerability in Microsoft Metrics
,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the
| vulnerabilities that are found through the QA process and the vulnerabilities
| that are found by the security folks they engage as contractors to perform
| penetration testing are fixed in service packs and major updates. For
| Microsoft this makes sense because these fixes get the benefit of a full test
| pass which is much more robust for a service pack or major release than it is
| for a security update.
`----
http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/
Skeletons in Microsoft’s Patch Day closet
,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.
`----
http://blogs.zdnet.com/security/?p=316
Beware of undisclosed Microsoft patches
,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----
http://blogs.zdnet.com/microsoft/?p=527
Microsoft is Counting Bugs Again
,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----
http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535
Microsoft fixes 11 flaws in 7 patches; 5 affect Windows Vista
,----[ Quote ]
| Microsoft on Tuesday released its December 2007 security bulletin, which
| includes seven updates: three are designated as critical by the software
| giant and four are deemed important.
`----
http://www.news.com/8301-10784_3-9832347-7.html?part=rss&subj=news&tag=2547-1_3-0-20
December 2007's Patch Tuesday's Going to Be Big - Really Big
,----[ Quote ]
| A Trio of Critical Patches
|
| First up is a remote code execution patch for DirectX versions 7.0 (Windows
| 2000) through 10.0 (Windows Vista).
`----
http://www.maximumpc.com/article/december_2007s_patch_tuesdays_going_to_be_big_really_big
Security hole in MS-Windows Vista on Thanksgiving
,----[ Quote ]
| Microsoft, although late, but did acknowledge that it is a flaw even in the
| latest OS (Vista) which should have been fixed long back.
`----
http://technology.millionface.com/2007/11/27/security-hole-in-ms-windows-vista-on-thanksgiving/
http://tinyurl.com/32uq44
Thirty-Six Updates Later—and Counting
,----[ Quote ]
| Over the Thanksgiving holiday, I refreshed one of my Windows Vista test
| machines. Oh my, there were so many Windows Updates.
`----
http://www.microsoft-watch.com/content/vista/thirty-six_updates_laterand_counting.html?kc=MWRSS02129TX1K0000535
http://tinyurl.com/355uqw
Vista security threats to rise in 2008: McAfee
,----[ Quote ]
| Microsoft’s Windows Vista operating system will face increasing security
| threats, according to McAfee Avert Labs predictions for top 10 security
| threats in 2008.
`----
http://www.business-standard.com/common/storypage.php?autono=304706&leftnm=8&subLeft=0&chkFlg=
Microsoft issues 6 'critical' patches
,----[ Quote ]
| The updates affect many versions of Windows, Server and Office software --
| including Windows XP and Windows Vista -- and are meant to prevent hackers
| from breaking into Web surfers' computers using specially crafted Web pages.
`----
http://news.yahoo.com/s/ap/20070814/ap_on_hi_te/microsoft_security
Buffer the Overflow Slayer v. the ActiveX Files
,----[ Quote ]
| The vulnerability was discovered by Krystian Kloskowski and is rated "highly
| critical" in this posting on Secunia. It's also discussed here on the US-Cert
| website. Proof-of-concept code can be found on MilW0rm here.
`----
http://www.theregister.co.uk/2007/08/14/sdk_spreads_vuln_love/
Microsoft plans six critical patches
,----[ Quote
| At least one of the critical vulnerabilities involves Internet Explorer 7 and
| Windows Vista, both of which were conceived under new and highly vaunted
| ^^^^^^^^^^^^^
| development rigors designed to produce more secure products.
`----
http://www.theregister.co.uk/2007/08/09/microsoft_august_patch_tuesday/
Patch Tuesday: Critical IE, Vista patches on deck
,----[ Quote ]
| Of the four criticals, two will include high-severity patches for
| Windows Vista. The bulletin rated ?moderate? only affects Vista.
`----
http://blogs.zdnet.com/security/?p=273
June Patch Tuesday to deliver Vista fixes and more
,----[ Quote ]
| Four of this month's bulletins are labelled 'critical' and
| relate to vulnerabilities that may allow remote code execution.
`----
http://www.itwire.com.au/content/view/12751/
Microsoft Plugs Critical Vista Hole
,----[ Quote ]
| Microsoft has just patched another critical hole in Vista that it
| knew about as long ago as last Christmas. The delay was similar
| to its lag in patching the serious (and heavily targeted)
| animated-cursor flaw I told you about last month.
`----
http://www.pcworld.com/article/id,132082/article.html
Microsoft Patches Not One, But Three Vista Holes
,----[ Quote ]
| Microsoft today released an update for the recently popular 'animated
| cursor' vulnerability. The update was originally scheduled for April
| 10th, but due to recent exploits, was rushed out today. The update
| wasn't just for this one vulnerability though, in Vista, it addressed two
| others, and in all covered seven vulnerabilities in Vista, XP and
| 2000.
`----
http://itsvista.com/2007/04/microsoft-patches-not-one-but-three-vista-holes/
Windows Vista's Built-in Rootkit
,----[ Quote ]
| This poor implementation of the permissions structure can be exploited
| by malware to make files that are undetectable to Anti-Virus products.
`----
http://www.jmcardle.com/blog/?p=361
More Windows cursor patch trouble
,----[ Quote
| A new issue with the fix has also come up. Some customers have
| experienced trouble when printing from SQL Reporting Services to
| a Printer Command Language (PCL) printer, Microsoft said.
`----
http://news.com.com/8301-10784_3-9710649-7.html?part=rss&subj=news&tag=2547-1_3-0-20
http://tinyurl.com/3xrm4k
Windows cursor patch causing trouble
,----[ Quote ]
| Installing Microsoft's Tuesday patch for a "critical" Windows
| vulnerability is causing trouble for some users.
`----
http://news.com.com/Windows+cursor+patch+causing+trouble/2100-1002_3-6173413.html
MS Patch Tuesday: Vista dinged again
,----[ Quote ]
| For the second time this month, Microsoft has shipped a security
| bulletin with patches for a "critical" Vista vulnerability that
| puts millions of users at risk of code execution attacks.
`----
http://blogs.zdnet.com/security/?p=161
Security Researchers Say Windows .ANI Problem Surfaced Two Years Ago
,----[ Quote ]
| Security researchers say the Windows .ANI bug that has been plaguing
| users for the past week first surfaced -- and was patched --
| in early 2005.
`----
http://www.informationweek.com/news/showArticle.jhtml?articleID=198800828
Week in review: Cursing Windows' cursor flaw
,----[ Quote ]
| The software giant broke with its monthly patch cycle to fix a bug
| that cybercrooks had been using since last week to attack Windows
| PCs, including those running Vista.
`----
http://news.com.com/2100-1083_3-6173895.html?part=rss&tag=2547-1_3-0-20&subj=news
ANI takers for Asus website virus?
,----[ Quote ]
| Asus.com.tw, the website of Taiwanese motherboard maker Asustek,
| has been spraying visitors with the .ANI virus, security software
| makers confirmed today.
`----
http://www.theregister.co.uk/2007/04/06/asus_website_viruses/
Cursor hackers target WoW players
,----[ Quote ]
| World of Warcraft players are being targeted by hackers exploiting
| flaws in how Windows handles animated cursors.
`----
http://news.bbc.co.uk/1/hi/technology/6526851.stm
Will Next Tuesday's 3 Updates Effect Vista?
,----[ Quote ]
| I would suspect that one will be a patch for the Windows MessageBox
| exploit, so Vista should get it. Might another be for the Vista
| 'Timer/2099 Crack'? I wouldn't consider it critical, but
| Microsoft probably does.
`----
http://itsvista.com/2007/01/will-next-tuesdays-3-updates-effect-vista/
Windows Vista now has its first exploit spotted in the public
,----[ Quote ]
| Security experts have confirmed that a proof of concept code for an
| unpatched vulnerability in Windows Vista has been released on
| the internet.
`----
http://www.it-networks.org/?news=172
Windows Vista: It's More Secure, We Promise
,----[ Quote ]
| Well, allow me to take a moment to remind everyone of something that
| you might not remember - XP was also touted as being ultra secure.
| Seriously, can anyone honestly look themselves in the mirror and say
| this is the gospel truth? You have got to be kidding me. Similar to
| XP, Microsoft promises to have the most secure Windows version to date
| yet again.
`----
http://www.osweekly.com/index.php?option=com_content&task=view&id=2357&Itemid=449
Old:
Cisco exec: Windows Vista is scary
,----[ Quote ]
| "Parts of Vista scare me," Gleichauf said at the Gartner Security Summit
| here on Monday. "Anything with that level of systems complexity will have
| new threats, as well as bringing new solutions. It's always a struggle
| in security, trying to build for what you don't know."
`----
http://news.zdnet.com/2100-1009_22-6116823.html
Symantec Finds Flaws In Vista's Network Stack
,----[ Quote ]
| Researchers with Symantec's advanced threat team poked through
| Vista's new network stack in several recent builds of the
| still-under-construction operating system, and found several bugs
| -- some of which have been fixed, including a few in Monday's
| release -- as well as broader evidence that the rewrite of the
| networking code could easily lead to problems.
|
| [...]
|
| Among Newsham's and Hoagland's conclusions: "The amount of new
| code present in Windows Vista provides many opportunities for
| new defects."
|
| "It's true that some of the things we found were 'low-hanging
| fruit,' and that some are getting fixed in later builds,"
| said Friedrichs. "But that begs the question of what else
| is in there?"
`----
http://www.techweb.com/wire/security/190700049;jsessionid=MWLALDT21M1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkkqmrgACgkQU4xAY3RXLo6V/ACdFOmcQQYwT6KjcNgWqC4fAaYJ
OsQAn3y2vWNEinuEBa7MfkpigaydAaiP
=5Dji
-----END PGP SIGNATURE-----
|
|
