Updated: 4/4/06; 7:32:46 PM.
Ted's Radio Weblog
Mission: Interoperable. Competition breeds Innovation. Monopolies breed stagnation. Working Well with Others is Good.
        

Wednesday, January 11, 2006

Microsoft Patch Tuesday, January 2006
Despite releasing it last week, MS06-001, the WMF flaw, was also released as one of three Critical, Remote Code Execution possible patches that comprised the January 2006 Microsoft security bulletin. As is typical, the patches seem to affect every supported version from Windows 2000 on up. However, earlier versions of Windows are provided with a link which seems to say "you're on your own." Here are the patches:

MS06-001 - Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

MS06-002 - Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

MS06-003 - Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution (902412)

So, Microsoft graphics, Microsoft Fonts, Microsoft Office and Microsoft Outlook all have serious flaws. Get patching!

It is the second week of 2006.
4:56:52 PM    comment []


'Numbers of flaws' is a flawed measure of security
Garrett Fitzgerald's Blogs Apples and Oranges. "In a recent post, Craig Berntson trumpets about a recent CERT report that "proves" that Windows is more secure than Linux. What he doesn't mention is that the "Linux/Unix" list lumps together the Linux kernel, Mac OSX, HPUX, SCO Unixware, and others. So, when comparing 1 OS against 6 or more OSs, the 1 OS comes out ahead. What a surprise."

Over at Groklaw, the poster does a fine job of pointing out the problems with just quoting the gross numbers from this survey. It would be far better to identify how many security flaws led to major exploits and the costs of the cleanup. Trivial items are counted one-for-one with items that cost millions to clean up, exploits are listed multiple times (on both Windows and non-Windows platforms).

Bottom line: security is a process, not a feature. Millions more computers were turned into spam-sending zombies, and not just because they are running a more commonly-available operating system. They were exploited because the OS runs as an administrator with the rights to alter anything on the machine. Only one OS manufacturer shipped software that has that fatal flaw.
4:48:47 PM    comment []


© Copyright 2006 Ted Roche.   

Creative Commons License This work is licensed under a Creative Commons License.

  

 

January 2006
Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7
8 9 10 11 12 13 14
15 16 17 18 19 20 21
22 23 24 25 26 27 28
29 30 31        
Dec   Feb
Home
About Me
Technorati Profile
2005 Archives
2004 Archives
2003 Archives
2002 Twiki-Blog Archives
Click here to visit the Radio UserLand website.

Subscribe to "Ted's Radio Weblog" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.
Blogroll
miniXmlCoffeeMug.gif miniXmlButton.gif SANS Internet Storm Center, InfoCON: green
miniXmlCoffeeMug.gif miniXmlButton.gif Andrew MacNeill - AKSEL Solutions
miniXmlCoffeeMug.gif miniXmlButton.gif Ars Technica
miniXmlCoffeeMug.gif miniXmlButton.gif Resigned to the Bittersweet Truth
miniXmlCoffeeMug.gif miniXmlButton.gif Garrett Fitzgerald's Blog
miniXmlCoffeeMug.gif miniXmlButton.gif Dan Bricklin's Log
miniXmlCoffeeMug.gif miniXmlButton.gif Dictionary.com Word of the Day
miniXmlCoffeeMug.gif miniXmlButton.gif David Stevenson's Talking Fox
miniXmlCoffeeMug.gif miniXmlButton.gif fiat volpes
miniXmlCoffeeMug.gif miniXmlButton.gif FoxProWiki
miniXmlCoffeeMug.gif miniXmlButton.gif Ted Roche's OPML blog
miniXmlCoffeeMug.gif miniXmlButton.gif OpenTech Recent Topics
miniXmlCoffeeMug.gif miniXmlButton.gif Doc Searls' IT Garage -
miniXmlCoffeeMug.gif miniXmlButton.gif The Doc Searls Weblog
miniXmlCoffeeMug.gif miniXmlButton.gif --Paul McNett, Earthling
miniXmlCoffeeMug.gif miniXmlButton.gif PySIG Wiki
miniXmlCoffeeMug.gif miniXmlButton.gif Ted's Radio Weblog
miniXmlCoffeeMug.gif miniXmlButton.gif Shedding Some Light
miniXmlCoffeeMug.gif miniXmlButton.gif Slashdot
miniXmlCoffeeMug.gif miniXmlButton.gif eWEEK.com Messaging and Collaboration
miniXmlCoffeeMug.gif miniXmlButton.gif Microsoft Watch from Mary Jo Foley
miniXmlCoffeeMug.gif miniXmlButton.gif Eric.Weblog()
miniXmlCoffeeMug.gif miniXmlButton.gif Latest Partner News from MySQL AB
miniXmlCoffeeMug.gif miniXmlButton.gif stevestransitions
miniXmlCoffeeMug.gif miniXmlButton.gif Jon's Radio
miniXmlCoffeeMug.gif miniXmlButton.gif Alex Feldstein
miniXmlCoffeeMug.gif miniXmlButton.gif CentraLUG
miniXmlCoffeeMug.gif miniXmlButton.gif Computerworld News
miniXmlCoffeeMug.gif miniXmlButton.gif Ed Foster's Gripelog
miniXmlCoffeeMug.gif miniXmlButton.gif Joho the Blog
miniXmlCoffeeMug.gif miniXmlButton.gif InfoWorld: Application development
miniXmlCoffeeMug.gif miniXmlButton.gif InfoWorld: Top News
miniXmlCoffeeMug.gif miniXmlButton.gif ITC: All Programs
miniXmlCoffeeMug.gif miniXmlButton.gif Linux-Watch.com
miniXmlCoffeeMug.gif miniXmlButton.gif macosxhints
miniXmlCoffeeMug.gif miniXmlButton.gif Webmin/Usermin/Virtualmin - RSS-Feed
miniXmlCoffeeMug.gif miniXmlButton.gif Latest Updates from MySQL AB
miniXmlCoffeeMug.gif miniXmlButton.gif NYT > Business
miniXmlCoffeeMug.gif miniXmlButton.gif NYT > Home Page
miniXmlCoffeeMug.gif miniXmlButton.gif NYT > Technology
miniXmlCoffeeMug.gif miniXmlButton.gif Tim O'Reilly, O'Reilly Network
miniXmlCoffeeMug.gif miniXmlButton.gif OSNews
miniXmlCoffeeMug.gif miniXmlButton.gif Daily Python-URL! (from the Secret Labs)
miniXmlCoffeeMug.gif miniXmlButton.gif Scripting News
miniXmlCoffeeMug.gif miniXmlButton.gif Stylus Studio NewsWire
miniXmlCoffeeMug.gif miniXmlButton.gif Jeffrey Zeldman Presents The Daily Report