Critical MS Windows XP patch

This morning Microsoft issued a "Critical" security patch for some versions of MS Windows XP.

This was less than 24 hours after Microsoft announced they would issue no patches during the month of December 2003 ... /ubbthreads/images/graemlins/grin.gif

Here's a quick article on it: news.com.com article.

(This release is a re-release of a faulty release released last month. /ubbthreads/images/graemlins/huh.gif )

Re:

Can I start threads about all the critical security problems in various Linux distros?

If they are started to inform users of same so they can apply current fixes as they come out, I don't see why not, Evan.

The security update info I posted before this one was for the Mac OS X users ... which I know we have some of here. /ubbthreads/images/graemlins/huh.gif

Hey Tomas,
Don't forget to leave off the quotation marks in the Subject line! /ubbthreads/images/graemlins/smile.gif
Pat

Ah!

Got me on that one, Treek!!!

(Damned defective ... nevermind ... )

Thanks for the notice - on my way back to fix that now.

/ubbthreads/images/graemlins/blush.gif

The main Linux distros are Redhat (server oriented), Mandrake (excellent all-round), SuSe, and Debian for PC hardware. There are others for Power PC (Mac), and a ton of niche distros, as well as regional distros.

Try to remember that many of the security patches and updates are not for the kernel (which IS linux), but for the other stuff, mainly servers. Servers like Postfix, Sendmail, and Apache are multiplatform (Linux, Unix, BSD, Windows, Mac, or at least the first three).

MSIE users: Give a look at this page and give the "test" a try:

Secunia.com

MSIE 6.X users will show a problem with the test unless patched, but what will be even more interesting is if earlier versions of MSIE show the same problem, or if other browsers show the same problem.

(I checked out my primary browser, and it is not susceptable.)

Tomas -

Thanks.

Tomorrow morning I'll make sure autoupdate caught this at work on a sampling of XPs.

At home now on ME. I have the latest updates for it. I went ahead and checked Secunia and it shows my ME OS IE6 as being vulnerable. What do you think is going on there? MS hasn't figured a fix yet?

I don't think MS has a patch for this scheduled until at least January 2004 ...

I heard about that particular bug. Have yet to pay attention to see if any spams have been using it.

I use Opera v6.04 and it warned me that I was going to a URL with a username/pass in it (the stuff before the @). But it still shows the full URL in the address bar and when I mouseover the link.

Guess im safe for now. /ubbthreads/images/graemlins/grin.gif

i dont know what to think about windows.

on one hand, i like the idea that they are continually working on it for improvements...

on the other hand, perhaps they should have worked out the bugs before implementing it.

update, update, update, update...jees.

Bob

K A, I've seen several spam/scam e-mails using this - many of the PayPal and eBay scam e-mails, for example, have used this or something very similar for the past year or so.

Currently with MSIE the only way to be absolutely certain where some web page (e-mail) is sending you (has sent you) is to actually looks at the page source - and some of them are fascinating.

Re: -= MSIE Patch=- From OpenSource shop

I don't really know what to say about this - Microsoft has known about this one for an appreciable time and has a patch potentially scheduled for release not earlier than January 2004.

In the mean time, however, an OpenSource shop has released a patch - and it's source - several days ago ...

I find this interesting. The OpenSource shop is a legit shop, but does one go ahead and swot up their patch for MSIE, or be very careful and wait for Microsoft to fix their product?

Personally I don't use MSIE so it doesn't matter to me, but which do you trust more: Microsoft or an independent software shop that is secure enough in it's patch to even release the source code for checking by others?

Hmmmmmm ... /ubbthreads/images/graemlins/thinking.gif

Article on patch availability.

Re: -= MSIE Patch=- From OpenSource shop

Microsoft, 'cuz even if the patch works and is legit (which it most probably is) it may cause serious unforseen incompatibilities with future MS patches. Making their own update work with the millions of hardware/software combinations out there has to be challenging enough, they're probably not going to accept the extra responsibility for whether it also works with someone elses patch to their product. And since I'm here and discussing MS, Ahem:

<SOAPBOX>
I'm still not upgrading to XP because I'll be damned if I'm going to willingly participate in that degrading requirement of begging MS for permission to use a product I legitimately paid for. If Longhorn has this or an equally offensive DRM scheme I will be jumping to Linux.
</SOAPBOX>

Thank you and have a pleasant tomorrow.

Re: -= MSIE Patch=- From OpenSource shop

[ QUOTE ]
Tomas said:
In the mean time, however, an OpenSource shop has released a patch - and it's source - several days ago ...


[/ QUOTE ]

Hopefully, no one attempted to apply this unauthorized patch. The first version leaves you vulnerable to a buffer overflow attack. They fixed that, but the version available now calls home. /ubbthreads/images/graemlins/icon23.gif
You can read about it here at SpyWareInfo's newsletter.

I'd strongly encourage you to wait for Microsoft's patch.