Microsoft will patch 9 month old bug on 01/13/09

Author	All Replies
antiphishing Phishing Scam Terminator Premium join:2004-06-09 Wilkes Barre, PA 1 edit	Microsoft will patch 9 month old bug on 01/13/09 Microsoft slates single Windows patch for Tuesday It may finally fix nine-month-old bug, says security researcher By Gregg Keizer »www.computerworld.com/action/art···&nlid=91 January 8, 2009 (Computerworld) Microsoft Corp. today said it will issue just one security update next week, down dramatically from last month's record-setting eight updates that patched 28 vulnerabilities. The single security update slated for Tuesday, Jan. 13, has been tagged "critical" by Microsoft, which posted its usual advance notice today of what to expect for its monthly patch cycle. All current support versions of Windows are affected, said Microsoft. As is often the case, older editions -- Windows 2000, Windows XP and Windows Server 2003 -- are at more risk than the newer Windows Vista and Windows Server 2008. Microsoft rated the threat to the older versions as critical, but pegged the threat to newer editions as "moderate," the second-from-the-bottom rating in the company's four-step scoring system. Andrew Storms, director of security operations at nCircle Network Security Inc., again put his money on a long-standing Windows bug as the problem Microsoft will patch. "My guess is that it's the token kidnapping bug," said Storms, who had named the same unpatched vulnerability as a likely suspect before Microsoft's December patching. "There are three outstanding vulnerabilities. That one, WordPad and SQL Server. WordPad isn't in Windows Server 2008," said Storms, who noted that the server software is set for a patch next week. "And if they were going to patch SQL Server, I think they would list it as 'SQL Server,' not 'Windows,'" he added. Two weeks ago, Microsoft confirmed that it has been working on a fix for a critical vulnerability in SQL Server for almost nine months, but denied that it has had a patch ready since September, as an Austrian security researcher has alleged. The Windows vulnerability Storms cited was first acknowledged by Microsoft in April 2008, several weeks after researcher Cesar Cerrudo said he would disclose a Windows flaw at an upcoming conference. At the time, Microsoft had downplayed the issue, going so far as to label the problem a "design flaw," not a security bug. Several months later, Microsoft confirmed that hackers were actively exploiting the bug, which remains unpatched. "You always have to start with the known," Storms added, referring to the list of open Microsoft issues, "but because this [bug] is in all versions of Windows, it could also be another GDI vulnerability." Storms was talking about the Graphics Device Interface, the core graphics rendering component of Windows, which has been repeatedly repaired by Microsoft, most recently last month in December's massive 28-patch update. Another clue that may point to a fix for something other than Cerrudo's bug was Microsoft's designation of the vulnerability as an "elevation of privilege" issue. Typically, Microsoft does not rank that class of vulnerabilities as critical. "That may be the fly in my ointment," admitted Storms. Microsoft will release January's sole security update at approximately 1 p.m. EST on Tuesday. -- Specializing in "takes downs" of phishing and advance fee scams Send your Phishing/Advance fee scams to: phish@antihotmail.com »loudobbs.tv.cnn.com/ »fraudwatchers.org/forums/
	to forum · permalink · · 2009-01-12 14:24:19 ·
trparky Bite My Shiny Metal Ass Premium,MVM join:2000-05-24 Cleveland, OH clubs:	There goes my 16 days without a reboot record on Vista. -- Tom
	to forum · permalink · · 2009-01-12 15:19:53 ·
antiphishing Phishing Scam Terminator Premium join:2004-06-09 Wilkes Barre, PA	said by trparky : There goes my 16 days without a reboot record on Vista. Damn, I would love to get sixteen days without a reboot on my Dell Vista laptop. I am lucky to go more then two weeks without some type of update either Microsoft or McAfee. I am so fed up with Microsoft updates. When will the fun with Microsoft ever end? -- Specializing in "takes downs" of phishing and advance fee scams Send your Phishing/Advance fee scams to: phish@antihotmail.com »loudobbs.tv.cnn.com/ »fraudwatchers.org/forums/
	to forum · permalink · · 2009-01-12 15:28:24 ·
trparky Bite My Shiny Metal Ass Premium,MVM join:2000-05-24 Cleveland, OH clubs: ·AT&T U-Verse 2 edits	I really can't complain, Vista has been rock solid stable for me. Edit: This includes almost continuous use with programs closing and loading all throughout that time. I'd have to say that it's more stable then XP ever was, at least for me that is. I use 64-bit by the way. -- Tom
	to forum · permalink · · 2009-01-12 15:38:24 ·
Pole883 Premium join:2004-01-27 Schenectady, NY	Q.E.D.
	to forum · permalink · · 2009-01-12 16:52:54 ·
trparky Bite My Shiny Metal Ass Premium,MVM join:2000-05-24 Cleveland, OH clubs:	Whoa, this is interesting. I just installed that critical update on my notebook and it didn't ask for a reboot. 18 Days, 15 Hours, 5 Minutes, and 51 Seconds and counting without a reboot! -- Tom
	to forum · permalink · · 2009-01-14 15:07:45 ·


Wednesday, 09-Dec 23:43:12	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF