22 New security flaws found in Windows - GoFuckYourself.com

Whit Just Whit · 10-12-2004, 03:45 PM

Imagine if you could read next weeks newspaper today... well my friend.. the time is HERE!

Read this article... then read the comments below.

From http://news.com.com/Microsoft+warns...ml?tag=nefd.top

update Microsoft on Tuesday published 10 software security advisories, warning Windows users and corporate administrators of 22 new flaws that affect the company's products.

The advisories, and patches published with the bulletins, range from an "important" flaw affecting only Microsoft Windows NT Server to a collection of eight security holes, including three rated "critical," that leave Internet Explorer open to attack. Microsoft's highest severity rating for software flaws is its "critical" ranking, while "important" is considered slightly less severe.

One flaw, in Microsoft Excel, even affects Apple Computer's Mac OS X.

The abundance of flaws could leave corporate PCs vulnerable to attack if administrators are not able to patch quickly. A similar situation occurred in April, when Microsoft published seven advisories detailing 20 flaws. While one security hole stood out among those 20--and led to the widespread Sasser worm--there are no standouts in the current gaggle of goofs.

"Our challenge is trying to guess what the criminals are going to attack," said Stephen Toulouse, security program manager for Microsoft's security response team. "The guidance we are giving in general is to treat the critical ones first."

A single computer would not be vulnerable to all the flaws, Toulouse added.

Oliver Friedrichs, senior director of Symantec's security response center, said three vulnerabilities could lead to a Sasser-like worm, but the danger is lessened by the fact that the vulnerable services are not started by default on most versions of Windows. These flaws are related to three network protocols that are not generally activated on Windows computers: Simple Mail Transfer Protocol (SMTP), Network News Transfer Protocol (NNTP), and Network Dynamic Data Exchange (NetDDE).

"Blaster and Sasser targeted core system vulnerabilities, where if you didn't have the patch you were vulnerable," Friedrichs said. "The key thing here is that these are not (generally) enabled by default.The question is how large is the deployment of vulnerable systems."

Microsoft rates the SMTP flaw critical only for Microsoft Exchange Server 2003. The NNTP flaw is rated critical for Microsoft Exchange 2000.

The other major class of flaws are those that affect applications on desktop computers, such as Internet Explorer and Excel. Threats to so-called client-side applications have been growing, Friedrichs said.

Of the current crop of vulnerabilities, 12 fall into that category. Of these, Microsoft rated five critical: three of the eight vulnerabilities in Internet Explorer, as well as two flaws in Excel.

Several of the flaws could be used to create Web content that would run a program from the Internet, if a victim could be lured to the malicious Web site.

Symantec raised its overall Internet Threat Condition to 2 from 1, on account of the newly released vulnerabilities.

Microsoft has also re-released a patch from last month's graphics vulnerability, fixing a conflict with Windows XP Service Pack 2.

------

So now you KNOW what is going to happen in the future... billions of computers are going to be infected by more security flaws. Billions of potential customers are going to desperately need a spyware remover tool and an anti-virus program. It's a good day to be selling spyware removers and anti-virus software

So get your ass over to http://affiliate.idownload.com/?ref=245

if you're not already promoting, pick up a banner or button and add it to your galleries or your tgp or a big fat console sized one on your paysite exits... seriously you'll make a bundle.

you know the future, dont look back on it with regret.

J$tyle$ · 10-12-2004, 03:50 PM

Interesting!

fris · 10-12-2004, 03:51 PM

now tell me how secure everyones hosting servers are

Kimmykim · 10-12-2004, 04:51 PM

Quote:

Originally posted by fris
now tell me how secure everyones hosting servers are

Aren't most of them Linux?

fris · 10-12-2004, 04:55 PM

Quote:

Originally posted by Kimmykim
Aren't most of them Linux?

yes. and the clients i have taken on everyone had at least 5-10 security holes, because a. the people managing their servers are lazy and don't care. so what happens when an affil program gets breached? they come up with some excuse that their data was comprimised. Most the asshats don't know what they are doing.

for example ev1 servers out of the box their is 12-15 security holes right when you purchase the server. its up to you to fix them.

same can go for any other server. so when something happens where do you place the blame? the host? yourself? think of that.

10-12-2004, 03:45 PM	#1
Whit Just Whit Confirmed User Join Date: Aug 2004 Location: Under Justin Timberlake Posts: 333	22 New security flaws found in Windows Imagine if you could read next weeks newspaper today... well my friend.. the time is HERE! Read this article... then read the comments below. From http://news.com.com/Microsoft+warns...ml?tag=nefd.top update Microsoft on Tuesday published 10 software security advisories, warning Windows users and corporate administrators of 22 new flaws that affect the company's products. The advisories, and patches published with the bulletins, range from an "important" flaw affecting only Microsoft Windows NT Server to a collection of eight security holes, including three rated "critical," that leave Internet Explorer open to attack. Microsoft's highest severity rating for software flaws is its "critical" ranking, while "important" is considered slightly less severe. One flaw, in Microsoft Excel, even affects Apple Computer's Mac OS X. The abundance of flaws could leave corporate PCs vulnerable to attack if administrators are not able to patch quickly. A similar situation occurred in April, when Microsoft published seven advisories detailing 20 flaws. While one security hole stood out among those 20--and led to the widespread Sasser worm--there are no standouts in the current gaggle of goofs. "Our challenge is trying to guess what the criminals are going to attack," said Stephen Toulouse, security program manager for Microsoft's security response team. "The guidance we are giving in general is to treat the critical ones first." A single computer would not be vulnerable to all the flaws, Toulouse added. Oliver Friedrichs, senior director of Symantec's security response center, said three vulnerabilities could lead to a Sasser-like worm, but the danger is lessened by the fact that the vulnerable services are not started by default on most versions of Windows. These flaws are related to three network protocols that are not generally activated on Windows computers: Simple Mail Transfer Protocol (SMTP), Network News Transfer Protocol (NNTP), and Network Dynamic Data Exchange (NetDDE). "Blaster and Sasser targeted core system vulnerabilities, where if you didn't have the patch you were vulnerable," Friedrichs said. "The key thing here is that these are not (generally) enabled by default.The question is how large is the deployment of vulnerable systems." Microsoft rates the SMTP flaw critical only for Microsoft Exchange Server 2003. The NNTP flaw is rated critical for Microsoft Exchange 2000. The other major class of flaws are those that affect applications on desktop computers, such as Internet Explorer and Excel. Threats to so-called client-side applications have been growing, Friedrichs said. Of the current crop of vulnerabilities, 12 fall into that category. Of these, Microsoft rated five critical: three of the eight vulnerabilities in Internet Explorer, as well as two flaws in Excel. Several of the flaws could be used to create Web content that would run a program from the Internet, if a victim could be lured to the malicious Web site. Symantec raised its overall Internet Threat Condition to 2 from 1, on account of the newly released vulnerabilities. Microsoft has also re-released a patch from last month's graphics vulnerability, fixing a conflict with Windows XP Service Pack 2. ------ So now you KNOW what is going to happen in the future... billions of computers are going to be infected by more security flaws. Billions of potential customers are going to desperately need a spyware remover tool and an anti-virus program. It's a good day to be selling spyware removers and anti-virus software So get your ass over to http://affiliate.idownload.com/?ref=245 if you're not already promoting, pick up a banner or button and add it to your galleries or your tgp or a big fat console sized one on your paysite exits... seriously you'll make a bundle. you know the future, dont look back on it with regret. __________________ Whitney ICQ:258589210 AIM:Whitjustwhit

10-12-2004, 03:51 PM	#3
fris Too lazy to set a custom title Industry Role: Join Date: Aug 2002 Posts: 55,372	now tell me how secure everyones hosting servers are __________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence. WP Stuff

10-12-2004, 03:50 PM	#2
J$tyle$ Too lazy to set a custom title Industry Role: Join Date: Apr 2003 Location: Sunny San Diego Posts: 11,500	Interesting!