Microsoft Uncovers Critical Windows Security Hole

[Dark Matter]

Microsoft Uncovers Critical Windows Security Hole

The story http://www.guardian.co.uk/business/story/0,3604,1145536,00.html

Actually, they didn't discover it

The company, which learned about the flaws more than six months ago from researchers, said the only protective solution was to apply a repairing patch it offered on its website. It assessed the threat as "critical", its highest rating.

Security executive Stephen Toulouse said the flawed software was "an extremely deep and pervasive technology in Windows," and urged customers to apply the patch immediately

Windows update called for I think.

"This is one of the most serious Microsoft vulnerabilities released," said Marc Maiffret, of eEye Digital Security in California, which discovered the flaws. "The breadth of systems affected is probably the largest ever. This is something that will let you get into internet servers, internal networks, pretty much any system."

Mr Maiffret said systems that control important power or water utilities were vulnerable. He predicted hackers will try to unleash an internet infection within weeks.

BTW, this is NOTHING to do with the Mydoom backdoor.

DM

 

[TheDarkSide]

I like to do my own Windows updates and the other day I did just that - 32 critcial updates later - Im peechy clean !! :lol:

 

[Dark Matter]

The New update was released YESTERDAY - 10th Feb 2004.

If you updated before that - update again!

 

[Crogon]

The problem is that all the protocols and crap used to communicate have been re-written and patched and horsed around with for 20 years now. Novell had a good idea when they built their own version of tcp-ip, but they dropped the ball after that. someone needs to take the whole damn infrastructure apart and rebuild it from the ground up. till that happens, no computer built will ever even remotely resemble anything 'secure'. well i take that back. secure miltary communications are 100% uncrackable, but the rest of us are hosed.

 

[TheDarkSide]

O rats - thanks for the info . Does any 1 actually leave the updater on to do its own thing ? I always turned it off cause I dont want it bogging me down .

 

[Dark Matter]

I have my Norton AV, Windows Update and Zonealarm update to check for updates as soon as I turn my PC on (even on reboots!).

AV will install automatically and advise me that it has done so. Windows Update and Zonealarm have pop-ups that advise me that an update is available, and I click yes when I am ready to do it.

They DO NOT all update themsleves at the same time ( see Crogon's FAQ on security for reason's why.)

My Windows was updated last night when I got home from work and I didn't realise why until I saw thw newspapers this morning. I am currently trying to DL the patch for the work PC, but it's as slow as a snail and has failed 4 times already - sysytem overload I think.

DM.

 

[Wolfwind]

I think the topic title is wrong. It should be..

'Microsoft Uncovers ANOTHER Critical Windows Security Hole. '

They seem to be cropping up rather recently lately.. Maybe everyone should go back to 3.1.

 

[Anakha1]

I think the topic title is wrong. It should be..

'Microsoft Uncovers ANOTHER Critical Windows Security Hole. '

They seem to be cropping up rather recently lately.. Maybe everyone should go back to 3.1.

Screw it, let's just go back to DOS and call it a day.

 

[Crogon]

Also, this should be upgraded to an Immediate Threat alert. About 3am MST some dude from Virginia tried to hit the socks on one my 'puters. God knows how many servers he and other hackers have gotten into by now. Expect another 'CodeRed' type of general internet breakdown in the next few days.

 

[PublicEnemy]

Windows update is unavailable at the moment:
HTTP/1.1 Server Too Busy

 

[Nastie_Bowie]

I got an update yesterday afternoon. Hope that is the one you all are talking about.

NB :uhhuh:

 

[Dark Matter]

Security Update 828028 Is the relevant one.

 

[Fallen_62]

what if we dont have, say, a "completely legit" copy of windows, and the key i got isnt right...? cuz it wont let me do SP1 on xp... says invalid key or something like dat... didnt pay attention... only that it didnt work

 

[Yavanna]

I think the topic title is wrong. It should be..

'Microsoft Uncovers ANOTHER Critical Windows Security Hole. '

They seem to be cropping up rather recently lately.. Maybe everyone should go back to 3.1.

Nope, nope, nope. You can only say "ANOTHER" if Microsoft itself uncovered any of the previous ones. It's "ANOTHER" security hole uncovered, but not "ANOTHER" one uncovered by Microsoft.

Me misses 3.1.

 

[Nastie_Bowie]

Security Update 828028 Is the relevant one.

Win 2000 Hotfix KB828028?

Got that one. Thanks.

NB :uhhuh:

 

[Sergeant]

what if we dont have, say, a "completely legit" copy of windows, and the key i got isnt right...? cuz it wont let me do SP1 on xp... says invalid key or something like dat... didnt pay attention... only that it didnt work

If your copy isn't completely legit, you don't have much to complain about.

 

[ZeppelinAngel]

i have 40 something megabytes of updates to download for windows..

meh.. :yawn:

 

[Mad Merlin]

*hums a song*

la la la la la hum hum la la la

Ah...

Should we release the hounds yet Durf?

 

[Jigga-Scrooge]

did i get it when that little thing popped up in the bottom right corner?