
Microsoft to Issue Emergency Patches Next Week

As Security Fix predicted earlier this week, Microsoft says it plans to issue at least two out-of-band software updates next week to plug a series of unusually stubborn and critical security holes in the Windows operating system and its Internet Explorer Web browser.

Microsoft says it will issue two patches -- one to deal with problems in Internet Explorer, and another to fix a bug in its Visual Studio software suite.

From Microsoft:

While we can't go into specifics about the issue prior to release, we can say that the Visual Studio bulletin will address an issue that can affect certain types of applications. The Internet Explorer bulletin will provide defense-in-depth changes to Internet Explorer to help provide additional protections for the issues addressed by the Visual Studio bulletin. The Internet Explorer update will also address vulnerabilities rated as Critical that are unrelated to the Visual Studio bulletin that were privately and responsibly reported.

The advance notification advisory that Microsoft released about these upcoming patches doesn't say so explicitly, but a spokesperson for the company confirmed that the updates will address a critical security flaw in a collection of code that Microsoft uses in a number of places in Windows. Having a vulnerability in this so-called "code library" is especially dangerous because Microsoft also provides this library to third-party software makers to help them build programs that can leverage certain built-in features of Windows.

As usual, Security Fix will have the lowdown on these patches as soon as they're released next Tuesday.

By Brian Krebs  |  July 24, 2009; 7:29 PM ET
Categories:  New Patches  | Tags: microsoft 0day  


I'm reading this article using Firefox on the Ubuntu platform and not a bit concerned about yet another critical patch to an operating system and browser that's been in production for years and years. Apparently Microsoft will never get it right.

Posted by: fmschiav | July 25, 2009 7:48 AM | Report abuse

Many vulnerabilities affect Firefox, and as a long-time Unix guru I can assure you that Ubuntu is not invulnerable. The only reason it may appear less vulnerable is that, because of its relative rarity, it is not targeted by the profit-driven creators of malware.

Microsoft, to whom I have no affiliation or particular affinity, has gotten it remarkably "right," and has been relatively conscientious in keeping it right. The challenges they face in a world where their product is used by millions of people without the slightest clue about computer security and whose computers are connected to a blissfully open Internet are truly daunting. The fact that they release so many security patches is a tribute to their conscientiousness, not a knock on their product.

Linux, including Ubuntu along with Linux's myriad other flavors, on the other hand, tends to appeal exclusively to the small numbers among us who are far more knowledgeable about all matters related to computers, networks and software. It is therefore not targeted by malware because to do so would be a waste of time to those who would do you harm.

Don't be so smug. The very first computer worm affected Unix exclusively, and Linux machines are particularly easy to penetrate -- MUCH easier than Vista boxes -- when you know how to do it.

Posted by: FergusonFoont | July 25, 2009 9:34 AM | Report abuse

Something tells me my decision to buy a Mac computer is a good decision.

Posted by: dangreen3 | July 25, 2009 10:47 AM | Report abuse

I've noticed quite a few MS astroturfers lately since Ballmer declared jihad against Ubuntu. Notice how Ferguson refers to "the small numbers among us who are far more knowledgeable about all matters related to computers". Makes it sound like he's authoritative about *nix vs. MS OS's and therefore increases his believability. It seems to be the modus operandi for their latest FUD campaign. Geez, talk about smug.

Any Unix-based OS will be more secure than an MS offering. That's just the way it is. Yes, currently there is security through obscurity by using Ubuntu, RHEL, etc. due to Microsoft's monopoly. But that does not logically negate that *nix is more secure to begin with.

Linux, Solaris and BSD are well-engineered systems with years of open source eyes scouring the code. Versus Microsoft's constant patchwork of offerings and incessant updates for basic coding errors. They're getting better but until they scrap their current kernel and adopt a BSD-based core (like Apple), they'll never compete with professional level systems wrt security.

So it boils down to this. Does anyone really think that the tens of millions of zombied Windows machines could occur with Ubuntu et al. if the market percentages were switched? No, that's just silly and no amount of FUD will change that.

P.S. - Since you've found so many holes in the Linux kernel, I presume that you've reported them to the kernel list to be fixed? Try that with Vista after you've found an exploit and pray that it gets fixed within a year, as opposed to *nix-based patches that get fixed and deployed in a matter of days.

Posted by: SteveTomson | July 25, 2009 11:42 AM | Report abuse

Dude wasn't being smug, all he was saying is that you are not invulnerable, no matter what platform you use. And, especially since 99% of people are stupid, and 99% of people use windows, that's where all the malicious code is, because it's a business, not a brain measuring match.

Posted by: BMACattack | July 25, 2009 3:21 PM | Report abuse

AGAIN? not surprised there are an average of over 200 security fixes a year for Microsoft products... don't complain if you use 'em.

personally my businesses are too important to trust to MS....

Posted by: kkrimmer | July 25, 2009 3:35 PM | Report abuse

"Microsoft also provides this library to third-party software makers to help them build programs ..."
Now consider the hot new "cloud computing" concept (read mainframe). I recently interviewed for a government "intel" position - they didn't seem to like my answer when they asked my opinion about cloud computing being used by soldiers in future combat situations. I said it would be GREAT during peacetime, but I would think it vulnerable during wartime.

Also imagine all Americans using 'dumb' terminals to connect to the 'cloud' machine IN ANOTHER! Cheap & cheaper!

Posted by: Sadler | July 25, 2009 10:44 PM | Report abuse

Hey BMACattack: The 99% of people who use IE aren't the same 99% who are "stupid." Some of us simply prefer IE - and do the best we can to protect our systems by patching regularly, using anti-virus software and firewalls, and staying away from iffy sites. The internet is just a big free-for-all, a chaotic and unregulated arena, and most of us wouldn't have it any other way.

Posted by: JBV1 | July 25, 2009 10:53 PM | Report abuse

fmschiav, and while other men are having sex with real women, you're having your usual jerkfest watching Internet porn on your precious Ubuntu system.

Posted by: bendan2000 | July 25, 2009 11:20 PM | Report abuse

Here's some more information from Verizon's Security Blog:

Posted by: cdporter00 | July 28, 2009 4:42 PM | Report abuse

The comments to this entry are closed.

© 2010 The Washington Post Company