Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

[News] [Rival] Windows Vista is Critically Flawed

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Microsoft Fixes Critical Windows Image Flaw

,----[ Quote ]
| The flaw, MS09-006, involves the way the Windows kernel handles WMF and EMF 
| (Windows Metafile and Enhanced Metafile) images. Simply viewing such an image 
| on an unpatched PC would allow an attacker to execute any command, such as 
| downloading and installing malware, and the risk is rated critical for 
| Windows 2000, XP, Server 2003, Vista and Server 2008.    
`----

http://www.pcworld.com/article/161007/metafilepatch.html?tk=rss_news


Related:

Bypassing Microsoft Vista's Memory Protection

,----[ Quote ]
| This is huge...
`----

http://www.schneier.com/blog/archives/2008/08/bypassing_micro.html


Critical Vulnerability in Microsoft Metrics

,----[ Quote ]
| This is a small subset of all the vulnerabilities, because the
| vulnerabilities that are found through the QA process and the vulnerabilities
| that are found by the security folks they engage as contractors to perform
| penetration testing are fixed in service packs and major updates. For
| Microsoft this makes sense because these fixes get the benefit of a full test
| pass which is much more robust for a service pack or major release than it is
| for a security update.      
`----

http://blog.mozilla.com/security/2007/11/30/critical-vulnerability-in-microsoft-metrics/


Skeletons in Microsoft’s Patch Day closet

,----[ Quote ]
| This is the first time I’ve seen Microsoft prominently admit to silently
| fixing vulnerabilities in its bulletins — a controversial practice that
| effectively reduces the number of publicly documented bug fixes (for those
| keeping count) and affects patch management/deployment decisions.  
`----

http://blogs.zdnet.com/security/?p=316


Beware of undisclosed Microsoft patches

,----[ Quote ]
| Forget for a moment whether Microsoft is throwing off patch counts
| that Microsoft brass use to compare its security record with those
| of its competitors. What do you think of Redmond’s silent patching
| practice?
`----

http://blogs.zdnet.com/microsoft/?p=527


Microsoft is Counting Bugs Again

,----[ Quote ]
| Sorry, but Microsoft's self-evaluating security counting isn't really a
| good accounting.
|
| [...]
|
| The point: Don't count on security flaw counting. The real flaw is
| the counting.
`----

http://www.microsoft-watch.com/content/security/microsoft_is_counting_bugs_again.html?kc=MWRSS02129TX1K0000535
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkm3jLYACgkQU4xAY3RXLo6OfQCePr4B1DfKc1e28UmQYwyhvYyL
8DQAn3KpXjWd5Zyhj69Vaf14KualE+pz
=Rl7m
-----END PGP SIGNATURE-----

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index