Critical Windows 7 holes fixed in record Patch Tuesday

Microsoft released a record number of 13 bulletins for 34 vulnerabilities on Patch Tuesday--and the first critical update for Windows 7--as well as fixes for zero-day flaws involving Server Message Block (SMB) and Internet Information Services (IIS).

The most severe of the three SMB flaws, which were first reported last month, could allow an attacker to take control of a computer remotely by sending a specially crafted SMB packet to a computer running the Server service. Exploit code for one of the SMB holes has been posted to the Web, Microsoft said.

Windows 7 is affected by two critical patches intended to mend vulnerabilities that could allow remote code execution if a malicious Web page were viewed, one part of a cumulative security update for Internet Explorer and the other in .Net Framework and Silverlight.

The official release date for Windows 7 is October 22, but the new operating system has been available to some large businesses with volume licenses since the summer. The code was finalized in July.

Other critical patches in the security bulletin for October fix a vulnerability in Windows Media Runtime that could be exploited if a user opened a malicious media file or received malicious streaming content from a Web site or application, and if a specially crafted ASF (Advanced Systems Format) file is played using Windows Media Player 6.4.

Among the critical updates: a cumulative security update of ActiveX Kill Bits that is being exploited and that affects ActiveX controls compiled using Active Template Library (ATL); and another patch resolving several vulnerabilities in ATL ActiveX Controls that could allow remote code execution if a user loaded a malicious component or control. ActiveX and ATLs were the subject of an emergency patch Microsoft released in July.

The final critical bulletin fixes a hole in Windows GDI+ (Graphics Device Interface) that could allow an attacker to take control of a computer if the user viewed a malicious image file using affected software or browsed a malicious Web page.

"Microsoft has repeatedly had to fix problems related to the Graphics Device Interface in Windows, and vulnerabilities in the component have been exploited broadly in the past. We can expect that security researchers will be looking to reverse-engineer today's patches, which may very well lead to exploits being created," said Dave Marcus, director of security research and communications at McAfee Labs.

Related "For the Record" podcast, with Symantec's Ben Greenbaum
Listen now: Download today's podcast

Nine of the vulnerabilities were previously disclosed, which meant that attackers had time to come up with so-called "zero-day" exploits before the patches were available, Marcus noted.

The most alarming vulnerability in the mix is the SMB flaw, which was introduced by the patch for a different vulnerability, according to Josh Phillips, virus researcher at Kaspersky Lab.

Andrew Storms, director of security operations at nCircle, said the bug that is likely to have the biggest impact will be the critical one that affects Windows Media Runtime and involves a speech codec bug that has limited exploits in the wild. "This is a typical file-parsing issue and similar to vulnerabilities that have allowed attackers to create drive-by attacks that infect unsuspecting video viewers," he said.

Meanwhile, the critical SMB vulnerability is relatively difficult to exploit given default firewall conditions, but the IIS bugs are easy to exploit, Storms added.

"The sheer volume of the bulletins and patches is extreme," said Jason Miller, senior data team leader for Shavlik Technologies. "This is really going to affect administrators. It's going to be very challenging because of the time and research that's going to be needed" to patch systems.

Also released were five bulletins rated "important" to fix vulnerabilities in IIS, for which exploit code has been publicly released and for which there have been limited attacks, along with Windows CryptoAPI, Windows Indexing Service, Windows Kernel, and Local Security Authority Subsystem Service.

The update for Windows CryptoAPI relates to flaws in the way domain names are verified on the Internet, which could allow attackers to impersonate a site and steal information from unsuspecting Web surfers. The holes were revealed by researchers Dan Kaminsky and Moxie Marlinspike at Defcon in August.

Affected software includes Windows 7; Windows 2000; Windows XP; Windows Vista; Server 2003 and 2008; Office XP, 2003, and 2007; Microsoft Office System; SQL Server 2000 and 2005; Silverlight; Visual Studio .Net 2003; Visual Studio 2005 and 2008; Visual FoxPro 8.0 and 9.0; Microsoft Report Viewer 2005 and 2008; Forefront Client Security 1.0; and Office software including Visio, Project, Word Viewer, and Works.

The installation also removes the Win/FakeScanti Trojan, which displays fake malware warnings and then asks computer users to pay for fake antivirus software.

(For more information and analysis from Symantec, listen to my colleague Larry Magid's podcast.)

Update: This story was updated at 2:15 p.m. PDT with additional comment and at 11:47 a.m. PDT with more details and reaction from experts.

[baconstang]

Patched already? It's not even out yet.

[slickuser]

Thats their new strategy...

[paulreid99]

I've been running the final version for over 2 months now. It was released for MSDN developers on August 6th.

[baconstang]

It's not out to the general public until the 22nd. I know the geeks have had at it for months.

[OfficerNelson]

So insecure that they have to patch it up before it's even sold.

[Vegaman_Dan]

Win7 has been out since this summer for business/enterprise customers. That's even mentioned in the article.

It's been available in beta and RC versions for much much longer than that.

Really, Baconstang- I know your purpose was to cause trouble, but could you at least read the article before making comments like this? It really would help your credibility.

[baconstang]

Can't turn on the TV for very long without seeing the ads for 10/22/09.
And really Dan, I don't cause trouble, MS does a fine job of that. I just try to bring a little humor to the situation, something which you have never shown much of.

[slapppy]

Doesn't matter if its patched on not. This is Windows. It will be even more vulnerable within a day or two.

[Seaspray0]

@baconstang, officernelson, slickuser. HOW SOON YOU FORGET that the release of snow leopard downgraded the flash, required an update, and apple did not provide it until several days after the release. Microsoft is providing the patch before the release.

Glass houses indeed! The three of you need to go change your nics to Mo, Larry, and Curly.

[baconstang]

That's why i wait for a month or two before installing major upgrades.

[Lerianis3]

Hey, any operating system is going to have flaws in it. OSX does, Linux does, etc..... it's time to stop harping on Microsoft and realize that OS code today is SO COMPLEX, that vulnerabilities are going to be found sooner or later and need to be fixed.... if they even can be fixed.

[AluminumMonster]

1st two posts are fanboys what a surprise.

[baconstang]

Woo Hoo! You can count.

[Vegaman_Dan]

@baconstang:

And comments like this also do nothing for your reputation, that is, unless you are *trying* to build up your rep as a troll. If that is the case, then bravo! You're doing an excellent job!

[baconstang]

Geesh, Dan. The AlMonster can take a joke..... lighten up already.

[gspal]

Microsoft's windows are not secure. Their loose latches open at the slightest breeze from exploiters and attempt to latch/patch the same long after after the damage is done. What they need is to do away with windows and invent a secure barn door. What does Microsoft charge for? Insecure operating systems and softwares? There Windows Professional XP2 or XP3 is still the best along with an effective AVG 8.5 and SuperAntiSpyware.

[Nataku4ca]

i think he just wasnt around to comment back =.=

[wanorris]

Congratulations, gspal, you have shown you have no idea what you're talking about!

Vista and Windows 7 are significantly more secure than XP. There is OS-level support for several different techniques for preventing overflow bugs from having any consistent way to execute their own code.

There are a number of valid reasons for not upgrading to Vista, but security is definitely not one of them. If you're really paranoid about security, you may want to hold off on Windows 7 until it's fully vetted and has had a chance to be attacked in the wild sufficiently, but from the early returns, it's likely to be the most secure consumer OS ever released. (Operating systems with low market share may be safer, since they are less likely to be targeted by exploits, but that doesn't make them more secure.)

[AluminumMonster]

I just learned to count past 5 yesterday, so im really trying to use my new found knowledge everywhere.

[baconstang]

Did you count in binary? ;)

[karpenterskids]

hahaha

[man_w_balls]

When is your bout with Fatty Magoo?

[duperstar]

I wonder why I haven't seen anything about Snow Leopard erasing all of your stuff. I used to scoff at people accusing CNET of favoritism, but now I have to wonder.

http://www.engadget.com/2009/10/12/apple-aware-of-snow-leopard-that-bug-kills-data-is-working-on-a/

[baconstang]

It's rare, about 0.001%, but they are still working on it. Also, it doesn't 'erase' your data, it just forgets which file it's in. You can redirect it via the Console, the data is still there.

[B-Ri]

CNET did post about that here: http://news.cnet.com/8301-31021_3-10373064-260.html?tag=TOCmoreStories.0

What does that have to do with Patch tuesday anyway?

[duperstar]

Thanks for the clarification. Engaget made it sound a lot worse.

[elinormills]

We covered that:
Apple acknowledges Snow Leopard data loss issue
http://news.cnet.com/8301-31021_3-10373064-260.html?tag=mncol

[duperstar]

@elinormills & B-Ri My bad for missing the post. I posted here because the fastest way to get a response on an Apple related item seems to be in a Microsoft article. Especially one talking about patches. It took 10 mins as you can see. I was a little worried as I have someone who uses my guest acct.

[ikramerica--2008]

Nothing was erased. It was just "misplaced". An OS that erases your stuff is much more dangerous. A bug that impacts a very small percentage that merely misplaces you stuff, that's not so bad. Still annoying.

[Vegaman_Dan]

@baconstang @ikramerica--2008:

There are cases included in the Apple issue where all data is indeed lost and the home folder replaced with an empty one. Apple is still investigating the issue. You can learn more by researching this before commenting if you go to sites such as Apple.com, macrumors.com, and Appleinsider.com. They all have been covering this data loss quite well.

[jakemochas]

@baconstang idk where to begin but obvious you think windows 7 in a threat if you've commented on a windows 7 article 20 times already... i'd like to see where you get .001% from and i'd also like to know why apple can't figure out why it is erasing stuff when THEY PROGRAMMED IT for THEIR MACHINES! It isn't like theres a billion apples and one or two fails...

[n3td3v]

Each security vulnerability costs Microsoft one million dollars in total from start to finish to get these things rolled out (patch dev, q.a testing, documentation etc), you do the math on how much this Patch Tuesday cost them.

[OfficerNelson]

$1M? No wonder there are so many holes - MS is cheap.

[Vegaman_Dan]

Where do you get that number? Or are you making it up? I'm curious to your source- as I'm sure CNET would be as well. May they quote you?

[n3td3v]

Vegaman_Dan,

Here is my source http://securitytube.net/Reverse-Engineering-101-video.aspx

He brings it up during the video that his friend at Microsoft Security Response Center (MSRC) told him the figure of $1M per security vulnerability.

[jakemochas]

a friend told a friend... always trustworthy

[n3td3v]

jakemochas,

He works at TippingPoint and his friend was the Director of Microsoft Research and it was an academic lecture, its not something you make up in that context infront of students you are teaching about reverse engineering.

[jakemochas]

idk how valid that is... stats would be nice not just some guys word...

[mistasandman]

I'm so glad I'm a Windows guy... Microsoft always takes care of it's users, unlike Apple who not only charges for service packs, but also deletes all your data. Windows rocks :)

[WinNoMo]

Enjoy!

[Renegade Knight]

Don't hold your breath. I had vista scrample the tags on my music library. That was no fun to fix.

[man_w_balls]

Windows 7 RC1 gives me recurring BSOD's after any time I try to run the "Windows Experience Index" routine. Each time a different 0x code and filename are given, and no solution has been found yet but for System Restore.
Will the patches fix that? 'Cause right now I'm not exactly feeling like my Windows Experience is rockin'.

[DrtyDogg]

try RC2 or wait a week until you can get the final.

[Lerianis3]

man_w_balls, Windows 7 RC1 should not be doing that unless something has gotten corrupted on your system. Do an 'upgrade reinstallation' (but first make note of your key for Windows 7 RC!) and if that fixes it..... look at there either being a virus on your system, your hard drive corrupting random bits, or something else wrong.

[MPB]

HAAA what are you trying to prove. If you call Snow Leopard a service pack that makes Windows 7 just as much as a service pack too. Snow Leopard costs $29 to upgrade and that was an upgrade on something that didn't need fixing , so it is not a service pack and Windows 7 Ultimate is going to cost $219.99 !! to upgrade and that is an upgrade on something that needed to be fixed. Now which one is sounding like more of a expensive service pack?

Don't get me wrong I use both OS 's on my MacBook Pro and I think they are just as good as each other. I just hate it when people try to claim that Snow Leopard is a service pack or Windows 7 is a service pack, their not! Both are a great improvement on their predecessors. Besides why love one OS and shun the other, why not have Snow Leopard and Windows 7 and get the best of both worlds?

[MPB]

HAAA what are you trying to prove. If you call Snow Leopard a service pack that makes Windows 7 just as much as a service pack too. Snow Leopard costs $29 to upgrade and that was an upgrade on something that didn't need fixing , so it is not a service pack and Windows 7 Ultimate is going to cost $219.99 !! to upgrade and that is an upgrade on something that needed to be fixed. Now which one is sounding like more of a expensive service pack?

Don't get me wrong I use both OS 's on my MacBook Pro and I think they are just as good as each other. I just hate it when people try to claim that Snow Leopard is a service pack or Windows 7 is a service pack, their not! Both are a great improvement on their predecessors. Besides why love one OS and shun the other, why not have Snow Leopard and Windows 7 and get the best of both worlds?

[Outside_Looking_In]

Let's not forget about the T-Mobile Sidekick debacle and whose hardware was behind that...

[Vegaman_Dan]

DANGER is the guilty part in the Sidekick issue. It's Danger's equipment. Microsoft bought the company, but the service is still using Danger's equipment and processes.

Thanks for reminding folks about that one.

[Outside_Looking_In]

Ah, yes. Microsoft and their "Midas touch"... It's not Microsoft's fault... They only own it now...

[baconstang]

They've only owned for about a year and a half..... what's the hurry?

[knowles2]

Vegaman_Dan Yeah as soon as they bought it, it took them less than a year to break it. I am sure that a record even for Microsoft.

[Lerianis3]

Microsoft didn't break jack. They were still using Danger's old equipment, which apparently was not setup in RAID configurations that were safe and would protect users data, which was stupid and.... maybe rising to the level of criminal.
Not Microsoft's fault.... DANGERS fault, and it's time to blame the RIGHT part in this.

[jakemochas]

why isn't apple blamed for their countless software updates in which i lose all of my iphone data? Or the 2.0 and 3.0 fiascos... i've never seen more glitches in a company release! you fanboys are insane

[Outside_Looking_In]

I don't know what you're doing wrong when you update your iPhone that you "always" lose your data, but I've updated my first generation iPhone with every (3 maybe?) without losing a single contact, song, appointment, note, or anything else for that matter. And then, when I went from first generation iPhone to my current 3G (not 3GS) I transferred everything in about 5 minutes or so and it was seamless. Even with the latest update (which wasn't a security patch ;-0) was seamless. No "glitches" as you say you had. My guess is you don't even own an iPhone because I don't know a single MS goon who would spend their "hard-earned" money on any Apple product because your loyalty to MS. Whatever; to each his own.
...Luxury cars aren't priced for EVERYONE...

[heygeo]

Danger used Linux + MySQL to create their POS solution.. MSFT should never have acquired them.. Linux is freeeee.. you get what you pay for.

[wanorris]

heygeo,

I would imagine that Microsoft was mainly acquiring a team that had significant expertise in the consumer smartphone market (somewhere that Microsoft hasn't exactly set the world on fire) rather than looking to improve the Danger systems themselves and put a bunch of resources behind a Java-based environment.

Of course, Microsoft is still ultimately responsible for the whole thing -- part of what they acquired was Danger's obligations to their existing customer base, and they had a responsibility to re-engineer the server platform if it needed it -- regardless of whether they viewed the platform as strategic or not.

[jakemochas]

@Outside_Looking_In I don't know if you were as eager as me on the day of 2.0 release to have it crash a brick my iphone... or even the 3.0 but i don't want to drive 90 miles to an apple store every time apple screws up

[brilliantvideo]

Friends don't let friends use Windows.

[heygeo]

man your friends must hate you ;p

[daas88]

brilliantvideo: damm right :)

[jjaymay]

does it really take this guy 90 miles to get to an apple store???

[sanjayb]

yes it does because he is coming down from the mountain he lives on.

[Gold_Storm_Mac]

wow should i rant on about Microsoft's bugs just like how ms shills did about snow leopard. this is much bigger than that. but i will take the high road and say no comment.

[WileySkier]

But you did comment so there goes the high road.

[Gold_Storm_Mac]

didn't say that windows sucks cause these bugs were in it.

[Nataku4ca]

u just did now... =.=

[Vegaman_Dan]

That's a lot of security patches to release in a single day. I'm glad they are releasing patches for Win7, but even more so for the SMB issues.

Of course this means that the products aren't perfect, so they join the ranks of Linux and OS X for requiring updates.

[The_happy_switcher]

Some are more perfect than others. I let you draw your own conclusions as to which one is.

[Seaspray0]

@the happy switcher. I'll provide you with a link to help you draw your conclusion...

http://news.cnet.com/8301-1009_3-10154662-83.html
The Macintosh and base Linux kernel operating systems have dominated the top spots for vulnerabilities by operating system over the past three years

[baconstang]

Yet remain at the bottom for exploits.

[Lerianis3]

by baconstang October 13, 2009 2:50 PM PDT
Yet remain at the bottom for exploits.
__________________________

Only because they are still 'also-ran' operating system that VERY FEW PEOPLE use.

[heygeo]

@The_happy_switcher

well it isnt Apple.. LOL
http://www.networkworld.com/news/2009/080609-apple-patches-18-mac-vulnerabilities.html

don't choke on all those apple seeds...

[blusky08]

This is the best article ever produced on why Macs really are more secure:
http://blogs.eweek.com/applewatch/content/security/what_market_share_will_attract_malware.html

MS has its good points and bad points. Mac has its good points and bad points. Neither companies' operating systems are necessarily better when it comes to everyday tasks. However, when it comes to security, Mac just really does have a major edge--these are the types of updates that I definitely do not miss.

[blusky08]

@Seaspray0
You do not understand the difference between "vulnerabilities" and "exploits". This difference is described here:
http://blogs.eweek.com/applewatch/content/security/what_market_share_will_attract_malware.html

It also cuts through all the hype to clearly outline why Mac OSX is more secure (in spite of so-called vulnerabilities).

[wanorris]

@blusky08,

OS X is NOT more secure, though it is is safer. If you store gold bars in a facility in the middle of New York City with armed guards, checkpoints, motion sensors, etc., you are adding security, even if there are frequent attempts to take them. If you bury the gold bars in an unlocked box up in orbit, they are much safer, because few can reach them, but they are not more secure.

The important difference is that if you, personally, are a high value target and sophisticated intruders who are not using a mass targeted vector (like a virus) take interest in you, then simply using a more obscure OS will not be any protection from these sophisticated intruders. They may simply sit down and code a custom attack just to break into your system. The better the actual *security* of your system, the better chance your system has of resisting their attack. That is the sense in which current versions of Windows are more secure. The distinction is important.

[daas88]

@Vegaman_Dan:

Of course there are not perfect OSs, and sorry for my ignorance because i haven't used a mac yet, but at least i know that in linux the update system is superior. Most linux OSs have package management, it controls all the software installed in your machine and update it once there's a new version in the repository.

If there's a security bug, or an important needed upgrade for the kernel or any piece of software, the developers will deliver a patch for it, within days or even hours. And it's open source, so if anyone knows how to fix the bug, then that person can contribute to make the OS better, unlike comercial closed source software.

Btw, before you or someone else call me like that, yes, i'm a linux fanboy and an antiwindows troll, but i'm here in this site because i like to know other people's opinions. Sorry for my english.

[Dalkorian]

Man I get sick of these pseudo-arguments from pseudo-intellectual apologists. Market share morons, explain why OS 9 had hundreds of viruses written for it and yet OS X, even after 8 years of tweaks to it, hasn't had even one virus (a few trojan horses do not equal even one virus - if that statement confused you then do yourself a favor and walk away before you prove your foolishness). Market share? Do you really intend to argue that OS 9 had a bigger market share than OS X currently enjoys?

Dan, cute spin on the truth there. Everyone needs patches because no one is perfect. That said, remind us again what "critical update" means in M$ parlance, please.

[sargess25]

the worst 200 bucks one can't spend on computers stuff, stick to XP and save yourself some aggro. OTH you could save up further get a cheapo Dell box and load Linux Mint in it, far better experience and visually street ahead of any windoze editions. Ideally one would want a MBP, but then again it's out of reach for 96% of winbot boys here

[Renegade Knight]

XP is at it's end of days. I like it as it's solid. I liked Vista interface but hated it's issues. However recently I've started hitting limits that only the newer OS's don't have. Thats OS X and Vista/7

[Nataku4ca]

with the amount of slang you are using, it just makes u less credible

remember 2000? love the thing, xp came and it didn't take until sp2 for me to switch over, and u know what? 7 is so much more... time to drop ur blinded love for old tech

[Gold_Storm_Mac]

the day after ms shills trolled about how flawed sl is, they have to now defend their own OS.
end tell

[Renegade Knight]

Nothing to defend 7 & SL are both good.

[shellcodes_coder]

defend? lol
Let's see how many copies of 7 MS will sell in the first month and then compute that many number of sales the number of Macs ever sold...LOL

[Gold_Storm_Mac]

@shelley any idiot would figure that out. but i am talking about quality and not quantity. where sl wins.

[shellcodes_coder]

@Gold_Storm_Mac: Quality and SL, it's full of bugs. Is that the quality that you are talking about?
Am using 7 Ultimate x64, it's got a feature called BitLocker which can encrypt my hard drives and even flash drives. So in case if it does get stolen, it will remain encrypted. What about snow leopard? Got any innovative feature like BitLocker in your endangered os? well Apple said SL would free up disk space and guess what? it does so by deleting users' data. LOL. That's damn funny!

[Motyoj]

shellcodes: Yes, there is a feature in OS X called FileVault, which encrypts your data and was offered long before BitLocker.

[shellcodes_coder]

@Motyoj: did I ever say FileVault wasn't there? I never did. It's no comparison to BitLocker, BitLocker encrypts hard drives and flash drives. That's what am talking about, not about encrypting files.

[o2bpitching]

@shellcodes:
First off, I just had a facepalm moment. Secondly, Filevault, at the consumer level, is equivalent to BitLocker. The only time BitLocker has the potential to be better is if you need, very high security, ie a government environment. So enough with the BS arguments.

[The_happy_switcher]

1 down, 3 million to go.

[jtjt145]

Patching when it is not even out yet ... that will raise everyone's confidence using Win 7 (aka Vista SP3).

I also read something else about Redmond, and I am not sure I can believe it. Quote:
"The technical experts at Microsoft Windows are annoyed about hardware vendor initiatives, providing computer users with an 'INSTANT-ON' mini-operating system, some Linux variant, which allows the user to browse the internet and do other basic functions without having to invoke the computers operating system first.
The Microsoft sources are quoted as saying, that in their opinion their users enjoy a long wait for Window's extended boot times, as it allows them to do other important things first, before using their computer. Activities like adjusting their lip-stick or making a cup of coffee were mentioned.
Frustrated and unable to match Linux's capabilities in this area, Microsoft will instead focus the efforts of their technical experts on creating a new version of 'INSTANT-OFF'. The source declined going into technical details, as a Microsoft patent application is pending, however, we managed to obtain a rough functional description. Apparently an extra button on the computer's keyboard, to be introduced by the OEM vendors, will operate a mechanical pull-out mechanism of the power plug at the back of one's computer. After past great successes with BSODs (blue-screen-of-death) symptoms, Redmond is quoted in saying, that they feel confident, that their great and unique expertise in this area, will allow them to make great strides, to finalize this new technical feature. Microsoft's chairman Steve Ballmer opined that the new mechanism will double up in funtionality as a cup-holder, and he could not wait for the day he will be able to 'squirt out' this new technical feature Microsoft's vast followership ..."

Progress a la MicroSoft! Enjoy!

Arthur :-)

[Seaspray0]

Microsoft Touche?

[Lerianis3]

OSX has been patched. Linux has been patched. Etc. etc. etc..... it's time to realize that the fact is that NO operating system is going to be perfect with the complexity of the code in them today, and if you are expecting that they will be..... let me grab my 'stupid stick' and whack you with it a few time to knock the stupid out of you.

[heygeo]

nice piece of fiction here Arthur... now you can go back to reading "goodnight moon" and leave the forum to us adults... run along... shoo

[Dalkorian]

You can't fix stupid Lerianis, nor can you beat it out of someone. You might be able to beat more stupidity into someone though, but I wouldn't recommend it. There's enough stupidity in the world now as it is.

[douggdangger]

Shame on Microsoft. Why can't they be like Apple with their Snow Leopard.

[bananaphonerules]

What; not comment on bugs and delete all your data?

[heygeo]

what you want MS to only have an OS that runs on one .. countem .. one piece of hardware?!
If Apple really was as good as they would have you believe then why dont they release their OS to run on anything like MS does... Apple makes great HW but they would fall apart as a SW company.. which is why they wont.. cant compete outside of the proprietary toasters.

[Renegade Knight]

Good point. They should have release Snow Vista instead of 7 as a new "OS".

[Dalkorian]

Nice job proving you don't get it, Heygeo.

[biffhenerson]

At least Microsoft is patching the bugs. Dont assume that because there are no patches for your software that your software does not have bugs. I would rather that my vendor patch 2000 bugs than patch nothing at all. The dream is to have no bugs but that dream is not cost justifiable or feasable yet.

[Lerianis3]

It will NEVER be feasible to have no patches for software. As complex as the software is today, and the fact that it is being written by FALLIBLE HUMANS.... never going to be totally perfect.

[jakemochas]

not when steve jobs controls everything apparently... haha jk

[heygeo]

theres an old addage in the security industry ...
If your house has been broken into and you FEEL secure doesnt mean that the house IS secure.
In E-Security i've heard this put in other terms but the foundation of it remains the same... Just because they havent issued a patch doesnt mean its not a vulnerability.

[MrRetardo]

So- here's a company that's fixing bugs & exploits BEFORE it hits the general public? AND they ACKNOWLEDGE it? And if any others are found, you can expect a software fix on the 2nd Tuesday of every month?

Doesnt sound bad to me! I'm still waiting for someone to come up with a FLAWLESS, bug & exploit Free OS. Have yet to see one.

[Dalkorian]

I've seen an exploit free OS, but it wasn't very useful. In fact my game console is currently exploit free (because it's turned off) and it's running ex-pee, one of the least secure OS's on the planet. (Ubuntu is on the other partition and it's currently exploit free for the same reason - it's turned off.)

[superswiss]

You Apple fanboys need a serious reality check. I take this from Microsoft any day over the **** up the iPhone OS 3.1 was for example. I and everybody else, who made the mistake of upgrading their iPhone 3G to OS 3.1 was basically w/o a working phone for 4 weeks until Apple finally released 3.1.2 all the while not even publicly acknowledging the screw up. I kept missing important calls because the phone kept freezing and loosing network connectivity. I'm all aware of the Danger issue, but when was the last time Microsoft released a software update that rendered an entire device useless?

[deniceels]

And not forgetting they get jailbroken as well just as fast... :)

[lazycat202]

With a few clicks, I just patched my Win7 (7600) with latest fixes. any problems with you; Apple fanboys??

[shellcodes_coder]

Yes, they do have problems, for example their files are being deleted, they have to download 100s of MB of updates. Unlike them we don't have to do that. Those updates are less than 20 MB and takes a second or two to download it :)

[Gold_Storm_Mac]

not had an update in a few weeks. no problems, thank you. my files have and will never be deleted.

[heygeo]

@Gold_Storm_Mac
So you not getting patches in a few weeks makes you more secure?
With all the attacks that occur over websites (which are OS agnostic) you think Apple not providing you anything in a few weeks is a good thing?!
This is why Apple users are considered bottom feeders on the tech tree.. you guys are blindfolded, handed a walking stick and tied to a blind man.

[Dalkorian]

Wow shelly, I didn't think it was possible for you to build even more proof that you don't know anything about what you're talking about. I stand corrected.

[lazycat202]

"
This is why Apple users are considered bottom feeders on the tech tree.. you guys are blindfolded, handed a walking stick and tied to a blind man.
"

LOL
nice one

[sanjayb]

@heygeo

What value does your ignorant comments provide us? That's right. Nothing.

[MPB]

Sorry I submitted twice

[Dalkorian]

Happens to the best of us.