Critical security update includes Windows 7 beta

Welcome to Patch Tuesday, Windows 7.

Windows Update offered this alert on Wednesday, pointing to a security update for Windows 7.

(Credit: CNET)

Microsoft on Tuesday released an update to the Windows 7 beta that closes a critical hole that puts users at risk of having their computers taken over remotely if they view a maliciously crafted image file.

Although the patch was released as part of Patch Tuesday, Microsoft didn't exactly highlight the fact it was updating Windows 7. The security bulletin summary that lists affected software references only Windows 2000, XP, Vista, Server 2003, and Server 2008, and it wasn't mentioned in the advance advisory Microsoft released March 5.

However, Windows 7 beta, Windows Server 2008 Service Pack 2 beta, and Windows Vista Service Pack 2 beta are mentioned in the accompanying frequently asked questions (FAQ) section of the TechNet bulletin specific to the update (MS09-006).

A Microsoft spokesman said Windows 7 wasn't included among the affected software because it is a beta version.

The Windows 7 patch was noted earlier on Wednesday by Ars Technica.

[The_happy_switcher]

"puts users at risk of having their computers taken over remotely" Good to see that 'security' is still job one at Microsoft---NOT.

[Vegaman_Dan]

Excellent point! And it would appear that Apple also has the same issue. Why just look at Mr. Dee's *documented* references on this very issue.

You bring up a very good point that security is an issue that all OEM's need to address, and certainly not just Microsoft.

[Lerianis3]

Microsoft isn't an OEM.... it's an OS company, and some of these 'remote-execution' things are virus-writers taking advantage of holes in things that businesses or other people use on a daily basis.

[CrashPad63]

AppleSucks1963, You really need to stop beating on yourself like this. MS is the premier provider when it comes to finding and patching exploits. Apple on the other hand would rather stick their head in the sand, playing make believe their OS has no exploits. What a ******* joke.

[Dalkorian]

Now wait just one cotton picking minute here. We have winblows SLAVES who are both touting the fact that Apple also has released patches to vulnerabilities in their systems AND some misguided notion that Apple tries to hide vulnerabilities and doesn't patch them.

Can't have it both ways people. It's one or the other. Either Apple also fixes their problems or they don't.

Fact of the matter is Apple is actually better at acknowledging and patching their problems than M$ ever was. Of course, that's not saying much ...

[Throgged]

Apparently whatever superior apple computer you are using to post your message cannot handle the CNET page and keeps quadruple posting your inane drivel?

[Mr. Dee]

Apple OS-X security update 2009-001 (February 12):
CVE-ID: CVE-2009-0009: Impact: Opening a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution

CVE-ID: CVE-2009-0020: Impact: Opening a file with a maliciously crafted resource fork may lead to an unexpected application termination or arbitrary code execution

CVE-ID: CVE-2008-5050, CVE-2008-5314: Description: Multiple vulnerabilities exist in ClamAV 0.94, the most serious of which may lead to arbitrary code execution

CVE-ID: CVE-2009-0137: (Safari RSS) Impact: Accessing a maliciously crafted feed: URL may lead to arbitrary code execution
CVE-ID: CVE-2009-0138: Impact: Remote attackers may be able to access Server Manager without valid credentials. Description: An issue in Server Manager's validation of authentication credentials could allow a remote attacker to alter the system configuration

CVE-ID: CVE-2009-0139: Impact: Connecting to a maliciously crafted SMB file system may lead to an unexpected system shutdown or arbitrary code execution with system privileges

(this is not the complete list)

Quote:
"Users still facing software issues while running the most current version of Mac OS X Leopard may take kindly to word that Mac OS X 10.5.7 is moving swiftly through its development cycle.

As was reported at the time, that build arrived with nearly six dozen code corrections, a barebones weight of 440 megabytes, and requests that developers focus their testing efforts on over 20 core components, including AirPort, Mail, graphics drivers, and Time Machine."

Source: www.appleinsider.com/articles/09/03/06/apple_ready_with_second_beta_of_mac_os_x_juno.html

Think about that 72 patches after patching this one OS with 6 previous point updates already. This one update alone weighs 440 MBs, I am truly sorry for those who haven't patched since 10.5.1, then again, maybe those Macs have already been dumped and replaced by productive Windows based systems.

Here is another one: Hackers crack Apple's iTunes gift card algorithm

Quote:
"$200 iTunes Gift Certificates are selling for less than $3 in China now that a group of local hackers has circumvented Apple's algorithm for creating the digital vouchers and built their own gift certificate generators.

According to Outdustry, which describes itself as a music industry consultancy specializing in the Chinese music business, sellers on China's largest consumer-to-consumer online shopping site are marketing these illegitimate vouchers directly to customers."

Source: www.appleinsider.com/articles/09/03/10/hackers_crack_apples_itunes_gift_card_algorithm.html

[sythara]

BAM!

[Dalkorian]

Effective. You've shown that Apple is capable of acknowledging and fixing issues with their operating system (not sure what the gift card bit is about, but whatever).

Now show us one OS X virus (OS 9 and earlier doesn't count for reasons that should be obvious). Just one. Be careful, keep in mind a trojan is not a virus. I'd accept a worm if you can find one of those that affects OS X. Just one. If you are having difficulty with some of these terms (virus, worm and trojan specifically), please look them up instead of proving your intelligence level.

Should I find some that affects your winblows plantation, slave? (Yes, WGA has made you a slave to M$'s whims - another "feature" that OS X is missing.) I bet I can find 10 for each one you THINK you can find for OS X.

We're waiting. (Don't get mad at me, you asked for this.)

[sythara]

"puts users at risk of having their computers taken over remotely if they view a maliciously crafted image file."

Yeah, you have to open the file first, open it yourself with full knowledge that what you're opening is something you don't know.

When microsoft has a security hole and not fixes it within first 5 minutes it gets critisized for creating a crappy product. When Microsoft fixes a security problem it gets critisized again.... no win

I think some rich person should fund an international venture (mostly to russia and china) and tell people to start writing viruses for OSX just so those apple fanatics would shut the hell up. And pay money to programmers on per virus basis. That would level the playing field between mac and windows, since so very few people actually use OSX its laughable. That would show them that OSX is less secure than windows and the only thing they would have to talk about is how gay and unintuitive the UI is, and that you cannot exit a program by using the one button mouse, but have to actually use keyboard shortcuts to get things done...

[seven7dust]

so 10s of millions of users is very few ?
Wat you Windrones fail to understand is that vulnerabilities,hacking in a
public event and real world security issues r totally different things

Windows has and will continue to have the largest no.
of un-patched holes than n e of the alternatives !
and you will always need to do
pointless maintenance work and updates every single week
to prevent yr computer from becoming a POS !

The only reason why Windows has such a big share is because of people's ignorance and familiarity and the general lack of choice not because it's better !

[CrashPad63]

Seven, Quit talking out your ass. You know OSX and Linux both have bigger holes in them than windows. So stop this charade.

[Dalkorian]

by sythara March 11, 2009 1:01 PM PDT
I think some rich person should fund an international venture (mostly to russia and china) and tell people to start writing viruses for OSX just so those apple fanatics would shut the hell up.

------------------------------------------------------------------

Now that's just hilarious. If you're so bright, why don't you write this mythical virus yourself? Don't get me wrong, I think it's possible. Exponentially harder than on your winblows plantation (which is why it's not been done yet), but still possible. Nothing is perfectly secure.

We're waiting. Still, even after nearly a decade of OS X variations and improvements.

[nickh2]

How does posting a list of Mac OS X vulnerabilities make Windows vulnerabilities go away?
Surely the point is that they are getting fixed, right?

@sythara, how can a GUi be "gay"? Either you have issues or you do not know what the word means.

Info: Apple has shipped a multi button mouse for several years now. Third party branded mice usually just work. It's no big deal to quit an app with a single button mouse -I did it for years.

[Thranx]

"Info: Apple has shipped a multi button mouse for several years now."

Actually no... they decided to ship a "no button" mouse because they can't handle admitting that maybe the one button option was a bad move for so long. Because their pride and arrogance didn't allow them to say... yea, let's add a right click, that's a handy feature.

The list of OSX vulnerabilities was in response to that first post I believe... and he's right. People rag on MS for vulnerabilities being found but fail to realize that they're the only OS being targeted for these exploits because they're the 89% of the market. (http://w3schools.com/browsers/browsers_os.asp) OSX bugs are overlooked and FREQUENTLY left unpatched... why? Because apple simple doesn't care... because it doesn't have to. No one attacks mac. Why spend any time attacking a system where your perfect execution can only rate you a 6%.

OSX is the least secure of the current OSs out there, bar none.

[Dalkorian]

Winblows apologist slaves are the funniest bunch around. Put your money where your mouth is Thranx. If it's so easy to exploit OS X, do it and shut the community up.

Explain why there were viruses for OS 9 (pre-2000), but so far none for OS X (since 2000). Has Apple's market share fallen that far over the last 10 years? LOL!

It's OK Thranx, most slaves are frightened to wander into the wild world of freedom and out of the comforting control of their slave owner masters. Freedom can be a scary thing, maybe it's not right for everyone.

[Mr PIB--2008]

Go easy on the M$ fan-boys. They just want to see their stocks go back up the price they purchased them at. The truth hurts sometimes.

[Dalkorian]

Somewhat interesting when you think about it - didn't M$ just test the updater in 7 a few weeks ago? So would this count as another test of the updater, or did they test to distribute this patch or is this all "coincidence"?

Either way, I'm glad they're fixing this. View an image and get pwned? Wow, that's evil. I'm a little amazed at the expanse of the issue though - is there any version of winblows that isn't affected by this?

[jinx101a]

Winblows, that's funny, did you come up with it all yourself? You must be one of the creative types using a Mac to come up with such elegant insults.

Plus, evil? Don't be a drama queen, this isn't an issue of morality, it's a bug, and further, it's a bug that's getting fixed in a BETA testing product... when it should be fixed.

[Dalkorian]

Drama queen? Maybe, but it's a pretty nasty bug when you get pwned for viewing a movie or picture (Apple has their share of these involving Quicktime movies and I consider those "evil" as well for the same reason).

As for the BETA testing product, did you miss the part where they also patched this for every version of winblows since 2000? I thought only 7 (fista sp3) was officially a beta product - my mistake.

I best stop now, I think I hear your master calling for you to scan your machine for viruses again.

[kinncreek]

Doesn't take much to get the MS defensive. An innocent article about a patch has them attacking Mac. MY,MY.

[Mr PIB--2008]

After what crashpad63 said to me that is obvious. I guess I would be touchy too if my OS sucked as much as windows does. Good thing it doesn't.