Updated: 4/4/06; 7:32:46 PM.
Ted's Radio Weblog
Mission: Interoperable. Competition breeds Innovation. Monopolies breed stagnation. Working Well with Others is Good.
        

Wednesday, January 11, 2006

Although it was released last week, MS06-001, the patch for the WMF flaw, was also included as one of three Critical patches, all with Remote Code Execution possible, that made up the January 2006 Microsoft security bulletin. As is typical, the patches seem to affect every supported version from Windows 2000 on up. Earlier versions of Windows, however, are given a link that seems to say "you're on your own." Here are the patches:

MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

MS06-002 - Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

MS06-003 - Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)

So, Microsoft graphics, Microsoft Fonts, Microsoft Office and Microsoft Outlook all have serious flaws. Get patching!

It is the second week of 2006.
4:56:52 PM


Garrett Fitzgerald's Blogs: Apples and Oranges. "In a recent post, Craig Berntson trumpets about a recent CERT report that "proves" that Windows is more secure than Linux. What he doesn't mention is that the "Linux/Unix" list lumps together the Linux kernel, Mac OSX, HPUX, SCO Unixware, and others. So, when comparing 1 OS against 6 or more OSs, the 1 OS comes out ahead. What a surprise."

Over at Groklaw, the poster does a fine job of pointing out the problems with just quoting the gross numbers from this survey. It would be far better to identify how many security flaws led to major exploits and the costs of the cleanup. Trivial items are counted one-for-one with items that cost millions to clean up, and exploits are listed multiple times (on both Windows and non-Windows platforms).

Bottom line: security is a process, not a feature. Millions more computers were turned into spam-sending zombies, and not just because they are running a more commonly-available operating system. They were exploited because the OS runs as an administrator with the rights to alter anything on the machine. Only one OS manufacturer shipped software that has that fatal flaw.
4:48:47 PM


© Copyright 2006 Ted Roche.   

This work is licensed under a Creative Commons License.

  

 
