IMPORTANT- New Microsoft security updates.

[CALFFBOU]

Because security is important to your computer, here is
the Microsoft update that came out today-

http://www.microsoft.com/security

-Bou

SEATTLE - Microsoft Corp. released eight security fixes
Tuesday that carry its highest threat rating and urged
computer users to install them quickly because all the vulnerabilities they address could let attackers take
complete control of systems.


Seven of the security vulnerabilities Microsoft marked
"critical" affect the Windows operating system and
related software, including the Internet Explorer
browser, media player and instant messaging program.
The eighth is with the Redmond software maker's Office
XP business software.


Microsoft also released four security fixes that carry
lesser threat levels, but the problems could still let
attackers gain some control of a system.


"This is a month that has a significant number of
updates for customers to deploy," conceded Stephen
Toulouse, a Microsoft security program manager.


But he said the company works to make fixes
available as soon as it has them.


Toulouse said anyone running any version of Windows
will need to install at least one of the updates.
Many of the fixes also apply to Service Pack 2,
the massive security upgrade for Windows XP (news -
web sites) that was released this summer.


Among the fixes is a particularly important cumulative
update for the Internet Explorer browser. It includes
patches for vulnerabilities that have already been
made public.


Toulouse said some people have figured out how to exploit
some of those security holes, though the company hasn't
seen widespread attacks yet. Nonetheless, he said,
attackers have a head start, so these flaws could be
exploited much more quickly than others.


Another critical vulnerability could let an attacker
take control of a computer by tricking the user into
viewing a particular image, perhaps through the company's
MSN or Windows Messenger or its Windows Media Player.
The flaw takes advantage of imaging technology called
"PNG Processing."


Vincent Gullotto, a vice president with security
software maker McAfee Inc., said his researchers
were especially concerned about a critical flaw in
some Windows server software because that problem
could create a worm-like attack that spreads with
little interaction from users.


The large number of security updates could cause
problems for big businesses, which must rush to
secure their employees' computers while making
sure that the updates don't harm regular business
operations. Toulouse said Microsoft would offer
extra support for business customers to deal with
the mass of fixes.


The monthly fixes came as Microsoft announced plans
to acquire security software maker Sybari Software
Inc. as part of efforts to produce and sell its own
security products.


Microsoft's software is a frequent and popular target
for Internet-based attackers, and the company has made
security a priority amid increasing hassles for
business and consumer users.

On the Net:


http://www.microsoft.com/security

[firenresq77]

Thanks, Bou......... Odd, though........ I just got a "warning" today about critical updates downloadable, but when it checked, there was nothing except the goofy foreign currency and language stuff. Will have to check again

[CALFFBOU]

I just downloaded at 10 of them. I didnt see what you
wrote there. All looks good on this end.

And dont hug Mini-Me.

-Brett

[ullrichk]

I got the same thing earlier today but just installed the updates in the last hour or so.

[firenresq77]

I went home on my lunch and checked and ran the update check on the microsoft site and yes, I have like 3 critical updates to do.........

[Res343cue]

Thank god for Linux...

Non of the Microshaft crap.

[arhaney]

Thanks Bou! Downloaded updates and picked the nice FREE Antispyware package too. Works pretty good.

[Dalmatian90]

Non of the Microshaft crap

So that's why I have 448 update packages in my up2date folder at work for a release of Fedora Core-3 that's only, what, 5 months old?

Everyone has bugs.

Except where other software tends to have bugs were, oh, you have to jiggle locks and shimmy things to break stuff...Microsoft build there walls out of paper. Wet paper. In high winds. And leaves a knife sitting outside (that they hide the key to the front door under).

Oh well, at least another 5 years before I have all production fully weaned off Microsoft and on to Linux

[CaptOldTimer]

Thanks Bou, Downloaded in about 8 minutes.

[Resq14]

Originally posted by Dalmatian90
Oh well, at least another 5 years before I have all production fully weaned off Microsoft and on to Linux

Some would argue open source is a little more dangerous. And I'd agree.

[CALFFBOU]

Originally posted by Res343cue
Thank god for Linux...

Non of the Microshaft crap.

Why is Microsoft so bad? I have been using them for a
while and I really dont know the good from the bad.

Please explain.

[Dalmatian90]

Ok Resq...the crown jewels sit on Solaris servers connected to an EMC SAN The Linux boxes do the grunt yeoman work so we don't have to make configuration changes directly with Solaris as much.

Callfbou, I don't have an easy answer for you -- to computer geeks, Linux/Unix offers the ability to tweak their security & stability with finer control than Windows does. And that's said by someone who prides himself in having heavily used NT 4.0 Servers with indefinite up times -- exceding a year between reboots and normally at that due to external maintenance.

Some of the fustration is simply Microsoft is most heavily targeted, and we end up regularly getting distracted from other tasks to go and patch the servers -- and server patching as it affects many, many users is a much bigger deal than individual workstations to make sure by patching you don't break something else that prevents production work.

[fflynn17]

Why is it that when I run the Microsoft Spyware scan, it tells me I have no spyware threats on my computer, but when I ran a spyware scan that wanted me to pay $29.00, it said I had over 50 spyware threats on my computer??? I did delete the cookies before running the Microsoft one....

[Resq14]

Originally posted by fflynn17
Why is it that when I run the Microsoft Spyware scan, it tells me I have no spyware threats on my computer, but when I ran a spyware scan that wanted me to pay $29.00, it said I had over 50 spyware threats on my computer??? I did delete the cookies before running the Microsoft one....

Perhaps they just want your money?


Seriously though, I've had poor luck with the MS spyware scan (I'll use "MS" loosely since they basically stuck their name on it). It has missed things others haven't. I recommend using the FREE programs:

- spywareblaster
- adaware
- spybot

Remember, like antivirus software, these are only as good as the frequency they're updated.

If you don't like messing with all this, do the incredibly sacrilege:
buy an Appple Macintosh. It should only take 50 million or so new users before they start experiencing similar issues.

[ffexpCP]

Be careful with some of the free scanners. Some actually ADD spyware and adware.

but the Ad-Aware and Spybot S&D are good ones.

They should make all that crap illegal.

[Bones42]

Company X wants to make money, now and long into the future.

Company X comes out with the latest/greatest Anti-Spyware and Anti-virus. They make a lot of cash.

Company X wants more money, so they devise Division Z, a wholely owned and subsidized part of Company X. Division Z creates Spyware and Viruses that beat Company X's "Anti" series. They release all their stuff free.

Company X comes out with upgrades/updates to their Anti softwares and makes more money.

Division Z comes out with new threats.


In the end...we all suffer. Don't kid yourself into thinking this doesn't happen. Who makes police radars and radar scanners?

[CALFFBOU]

Originally posted by ffexpCP

but the Ad-Aware and Spybot S&D are good ones.

Ad-Aware is the one I use.

[Resq14]

I highly recommend using more than one, Bou. Each one tends to miss things. I will say I ran the Microsoft one on my brother's computer last night, and it found 80+ registry entries and files (not even cookies) that the others (spybot, adaware) had missed.

Also, the MS product, spywareblaster, and Spybot have features that prevent the installation of this crap to begin with... proactive features. Adaware is purely reactive, unless you buy the upgrade.

Microsoft Antispyware is free until sometime this spring/summer... it's worth a try.

Just my experience.

[tk1918]

ffexpCP is correct. adaware and spybot are great. run both once a month and you should be fine. They are free from www.download.com. when finding the right spybot, get the search and destroy 1.3.

[CALFFBOU]

Spy Doctor? I downloaded it for free and it seems to work
good. Any feedback please?