- Related Stories
-
Attackers exploit zero-day Windows flaw
March 30, 2007 -
Cursor hole puts Windows PCs at risk
March 29, 2007
Microsoft issued an advisory on the animated cursor flaw on Thursday. By Friday, malicious code was circulating that took advantage of the hole. (For more details, see the CNET Security Center, "Windows animated cursor attack.")
In an e-mail, Microsoft said it had originally planned to patch the flaw on April 10 as part of its regular monthly security update, but now it plans to release the patch Tuesday because of the public exploit.
"Since testing has been completed earlier than anticipated, Microsoft has released the update ahead of schedule to help protect customers," a Microsoft representative said in an e-mail.
The software maker said its analysis of the data suggests that "the attacks and customer impact is limited," but the company said that it encourages customers to download the patch when it is made available. Consumers that have Windows' automatic update feature turned on will get the patch automatically. The patch can also be downloaded manually.
Microsoft said it is working with law enforcement to track down the attackers.
See more CNET content tagged:
patch, attack, software company, Microsoft Corp., e-mail
aware of it since January . . . They wait till it's publicly exploited to
release an "early" patch?
Your point is?
Your point is?
no authority or company should recommend a third party patch to the
public, this is to prevent a trend of malicious files claiming to be
an official vendor patch from being distributed across the world via
the internet.
as useful as they are to private users and some corporate environments
and official security sources, there should be no doubt that no
recommendation to use the patch should be made within the public
domain directed at the public at large.
microsoft should each and every time ZERT, for example, release a
third party patch, they (microsoft) should straight away come out to
the public domain and condemn each instance of a patch to counter-act
each media or unofficial security source who tries to link to the
patch from news articles and blog reports.
additionally, ZERT shouldn't offer the patch to the public domain,
they should setup their own infrastructure and technologies, so only
corporate, private and _official_ security sources can get the
availability of the patch.
for ZERT, there could be a business model and profit to be made by
offering a proof of concept patch before an official patch to
corporate, private and official security sources, but _not_ to the
public at large.
additionally, no _official_ security source should ever recommend
these patches to the public at large, unless you're not bothered about
being counter productive on your mission critical.
if youre an official commerical security outlet you can, of course,
like i recommended to ZERT, create a business model around these third
party patches, to distribute these to corporate, private and official
security sources, although you shouldn't be in the business of going
against microsoft patch policy as far as _public_ outletting is
concerned.
keep the third party patches for private, corporate and security
sector and stop making them available to just any tom dick and harry,
the security threat is mind bloggling! at least from n3td3v's
prospectus of the situation.
its a question of ethics and the above are mine.
the cut and snip crowd will of course be out to analyse and dissect
everything thats been said, but f* off..... i'm right your wrong!!!
n3td3v
http://n3td3v.googlepages.com
"the cut and snip crowd will of course be out to analyse and dissect
everything thats been said, but f* off..... i'm right your wrong!!!"
What's up with that? Grow up.
The only real issue I see on 3rd-party patches is compatibility. You put it in, and the OS/app vendor is still not obligated to make sure that anything they do in the future is compatible with the 3rd party patch you put in. This means that in closed-source environments, things can possibly break.
/P
- Ragging on Microsoft...
- by DemePoole April 2, 2007 2:14 PM PDT
- What is the point of ragging on MS? No company on this planet is perfect. ANYTHING created by human beings will be flawed in one way or another.
- Like this Reply to this comment
-
-
- Well said.
- by lfagius April 2, 2007 3:00 PM PDT
- I couldn't agree with you more. Well said, on all points across the board. The business situation today demands that ONE standard OS, and a common set of standards for applications installed on that OS, exists, and only that will succeed.
- Like this
-
- Correct!
- by Kostagh April 3, 2007 5:59 AM PDT
- Wonderful!
- Like this
-
- Yeah, but... pwned by a mouse cursor?
- by Penguinisto April 3, 2007 9:02 AM PDT
- I mean... c'mon, you have to admit that it's pretty mickey mouse when a [i]mouse cursor[/i] can turn your machine into a zombie...
- Like this View all 2 replies
Processing -
(63 Comments)Also, how is it MS's fault that unscrupulous and ignorant individuals take advantage of technology? Do we blame the inventor of e-mail for SPAM? Heck, do we blame all the people who brought us Internet technology for all the mayhem and problems that people who are looking to make a quick buck cause?
Human beings have an insane instinct to see those who are "On Top" come tumbling down to the bottom of the barrel. If MS Windows wasn't installed on Over 90% of computers around the world, then it would be some other OS and people would still complain about that!
Bill Gates is FILTHY RICH because he focuses on the Big Picture. Business is not about pleasing all of the people all of the time. Business is about pleasing enough people to make a fortune and keeping those people pleased to continue making a fortune.
Apple is not as big as MS, but they still make money by pleasing enough people to keep them in business so they keep making money.
If MS closed shop today, who do you think would take over? We have two viable choices as far as I can see: Apple or Linux. Apple would most likely win, becuase Linux is too confusing for the average user. Then Apple would be in the same spot as MS.
All in all, people are just never satisfied and will always find something to complain about, no matter how trivial or insignificant that "something" may be.
I do not work for MS and I am not an advocate for MS. All I want from MS are products that will help me get what I need to get done faster and more efficient. End.
People, especially tech heads, will always find something to ***** about. That goes double for anything PC related that's marketed to the mass market.
Excellent and right to the point!
Why do I not see Remington blamed for all the people using their shotguns to rob banks?
Or FORD for all the runaway cars?
Or city counsels for pickpocketing and pilfering in the streets?
People shall always be people!
/P