Microsoft warns of new Windows flaw

Discussion in 'Current Events' started by idea_hamster, Feb 10, 2004.

  1. idea_hamster macrumors 65816

    idea_hamster

    Joined:
    Jul 11, 2003
    Location:
    NYC, or thereabouts
    #1
    For all those MR folks who use MS, they call it "critical".

    http://money.cnn.com/2004/02/10/technology/windows_flaw.reut/index.htm?cnn=yes

    Here's the MS page with the description:

    http://www.microsoft.com/security/security_bulletins/20040210_windows.asp

    "A security vulnerability exists in the Microsoft ASN.1 Library that could allow code execution on an affected system. The vulnerability is caused by an unchecked buffer in the Microsoft ASN.1 Library, which could result in a buffer overflow.

    An attacker who successfully exploited this buffer overflow vulnerability could execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges."
     
  2. Lancetx macrumors 68000

    Lancetx

    Joined:
    Aug 11, 2003
    Location:
    Texas
    #2
    And it took MS over 200 days to get a fix out for this from the time they were first informed of it. Funny how C|NET was all over Apple when they took a month or so to get a comparatively minor security fix out for Jaguar a couple of months back... :rolleyes:
     
  3. thecow macrumors 6502

    Joined:
    Nov 24, 2003
    Location:
    Timonium MD
    #3
    Hmm. Another microsoft security patch. Why does swiss cheese come to mind whenever I think about this company's OS?
     
  4. pinto32 macrumors 6502

    Joined:
    Oct 19, 2003
    Location:
    PA
    #4
    I'll be going home to my PC this weekend.....it will probbaly take the whole 3 days I have off just to download all of the patches......
     
  5. Dippo macrumors 65816

    Dippo

    Joined:
    Sep 27, 2003
    Location:
    Charlotte, NC
    #5
    Didn't I just update a couple of days ago???

    At first I thought that this was just the old news about some updates released last week, but no these are new updates!

    I can see why these virus spread like they do, no one has time to update their computer this much, I certianly don't!
     
  6. ~Shard~ macrumors P6

    ~Shard~

    Joined:
    Jun 4, 2003
    Location:
    1123.6536.5321
    #6
    I don't care. Why? Because I'm the proud owner of a Mac. :cool:
     
  7. MoparShaha macrumors 68000

    MoparShaha

    Joined:
    May 15, 2003
    Location:
    San Francisco
    #7
    It seems like these critical updates aren't even bothering Microsoft anymore. It seems to me they're banking everything on Longhorn. What worries me is that Longhorn might be as good as MS thinks it's going to be.
     
  8. Dippo macrumors 65816

    Dippo

    Joined:
    Sep 27, 2003
    Location:
    Charlotte, NC
    #8
    That may be the case, but in the mean time what is a Windows user supposed to do?

    Last I heard, it won't be out for at least two years.
     
  9. Opteron macrumors 6502

    Joined:
    Feb 10, 2004
    Location:
    South Australia
    #9
    I've been running Windows since 95 (95-98-Me-XP) never had a virus, and have never used a virus check, eg. norton
     
  10. HexMonkey Administrator

    HexMonkey

    Staff Member

    Joined:
    Feb 5, 2004
    Location:
    New Zealand
    #10
    I knew there was some reason why it has always been so hard to use Windows: Under normal circumstances, it prevents you from running code! :D
     
  11. Dippo macrumors 65816

    Dippo

    Joined:
    Sep 27, 2003
    Location:
    Charlotte, NC
    #11
    I have never caught a virus either (if I don't include spyware), but I always update my computer everytime a new update is released, but I know a lot of people who don't update and a few people that have gotten serious viruses because they didn't.

    The majority of Windows users don't bother to update, and that is the problem.

    Also, how do you know that you never had a virus if you never ran any anti-virus software?? Most people that get a virus, espically the nasty backdoor opening kind, never know it.
     
  12. idea_hamster thread starter macrumors 65816

    idea_hamster

    Joined:
    Jul 11, 2003
    Location:
    NYC, or thereabouts
    #12
    Right, but if you saw what happened when MSBlaster hit, it was sharply clear that there's an enormous difference between malicious code that runs locally and malicious code that can be executed remotely.

    Also, there seemed to be a general consensus of opinion around the time of MSBlaster that part of the problem was that system administrators in general shyed away from prompt patching because of compatibility problems. I'll bet that they pick up this patch quickly, tho....
     
  13. Dippo macrumors 65816

    Dippo

    Joined:
    Sep 27, 2003
    Location:
    Charlotte, NC
    #13
    There was also an issue about one of Microsoft's patches that just didn't plain work at all. Microsoft had to re-release the patch to fix the problem the second time.
    http://news.com.com/2100-1009-5072672.html

    I personally haven't had any system problems after a "security update" but I am also not running a server.

    One on my friends is the tech at a local High School, and due to budget cuts he alone is in charge of hundreds of windows machines. Guess what he will be doing for the next couple of weeks?
     
  14. iGav macrumors G3

    Joined:
    Mar 9, 2002
    #14
    just out of interest how do you know you've never had a virus if you've never run the software to check to see if you have or not??
     
  15. jxyama macrumors 68040

    jxyama

    Joined:
    Apr 3, 2003
    #15
    thanks for an insightful post. it's clearly the case that your use history is anything but typical.
     
  16. virividox macrumors 601

    virividox

    Joined:
    Aug 19, 2003
    Location:
    Manila - Nottingham - Philadelphia - Santa Barbar
    #16
    new widnows flaw? you mean ANOTHER windows flaw
     
  17. MorganX macrumors 6502a

    MorganX

    Joined:
    Jan 20, 2003
    Location:
    Midwest
    #17
    Auto-update is great. The fix was waiting for me when I got home the day it was released. I have it set to download, but I need to approve before install. You can set it to autoinstall and you won't have to do anyting. Few people actually set the autoupdate preferences.

    A PC user without VIRUS protection is a scary, scary thought. Anyone without it probably "thinks" they haven't been infected, odds are you have if you use email, or download using Kazaa. You just don't know it and have probably spead it to severy of your contacts. Well, not several, but everyone in your address book.
     
  18. jxyama macrumors 68040

    jxyama

    Joined:
    Apr 3, 2003
    #18
    having so many "critical" problems that regular updating is a prerequisite of a working machine is also a problem.

    where do you draw the line between burdening the users with the responsibility to upgrade and providing a working OS that needs not so many updates?

    cars generally need oil replacement once every 3k to 5k miles to keep running well. if that was, say, 200 miles instead, requiring practically weekly oil changes, can the car owners be faulted for not following up on it? can the car makers get away with burdening the users with such troublesome and inconvenient maintenance requirements?

    i'm not implying that windows "critical" updates is like having to change the oil every 200 miles. i just threw out an analogy to illustrate a point - what's the reasonable level of burden to be placed on the user to do maintenance? at some point, shouldn't the manufacturers be held to a higher standard to provide the users with reasonably "maintenance-free" products?

    i don't think it's as simple as "users are the problem because they don't upgrade."
     
  19. MorganX macrumors 6502a

    MorganX

    Joined:
    Jan 20, 2003
    Location:
    Midwest
    #19
    How does XP compare to linux and OS X?

    I know when I installed Linux the most time consuming part was downloading all the patches and security updates.

    I remember quite a few for OS X and OS X has far too many incremental OS patches IMO.

    So, given the size of the platform, is it really any different than all the rest?
     
  20. jxyama macrumors 68040

    jxyama

    Joined:
    Apr 3, 2003
    #20
    morganX:

    generally, i don't care to make comparisons between windows and other OSes. i was just responding to the "users are the problem" attitude - if it's the industry "standard" to expect much user maintenance, regardless of the OS, then i guess so be it.

    however, i'd argue that since windows made themselves the dominant OS in the market and along that dominance (should) come the responsibility to be even better than other OSes. if being dominant means more attacks, then so be it. they asked for (and got) dominance - now deal with the consequences as well.

    this ends my rant. i don't use windows anymore so i don't personally care. but i *do* wish M$ would do a little better job with longhorn since it will be used by many, many people. if anything, it will reduce the number of annoying virus email warnings like i've gotten the last year because of virus and worms. :D
     
  21. MorganX macrumors 6502a

    MorganX

    Joined:
    Jan 20, 2003
    Location:
    Midwest
    #21
    ::nods respectfully in agreement::
     
  22. idea_hamster thread starter macrumors 65816

    idea_hamster

    Joined:
    Jul 11, 2003
    Location:
    NYC, or thereabouts
    #22
    I agree -- I'm not fond of having my In Box full of spoofed mailer daemons, either!

    Aside from that, this latest flaw (while "critical") seems to be substantively the same as the MSBlast worm and the subsequent Mac OS X security patch -- specifically, a buffer overflow vulnerability. For everyone's sake, maybe they have one poor chump in charge of all the buffers in Longhorn to make sure they don't overflow!
     

Share This Page