Author Topic: Microsoft Ships First Vista Security Patches  (Read 3812 times)

0 Members and 1 Guest are viewing this topic.

Offline YLAP

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2118
Microsoft Ships First Vista Security Patches
« on: January 16, 2006, 06:28:19 PM »
Microsoft Corp. has shipped the first critical security update for Windows Vista, the next version of its flagship operating system. Over the weekend, the company released patches for beta testers running the Windows Vista December CTP (Community Technology Preview) and Windows Vista Beta 1, and warned that the new operating system was vulnerable to a remote code execution flaw in the Graphics Rendering Engine. A Microsoft spokesperson told eWEEK that the Vista patches address the same vulnerability that led to the WMF (Windows Metafile) malware attacks earlier this month. Microsoft's out-of-cycle security update for the WMF vulnerability makes no mention of Windows Vista being vulnerable, but with the release of this weekend's patches it is clear that the poorly designed "SetAbortProc," the function that allows printing jobs to be cancelled, was ported over to Vista. Microsoft also moved swiftly to dismiss speculation in some quarters that the WMF flaw was a "back door" placed in Windows intentionally by the Redmond, Wash., software maker. On the MSRC (Microsoft Security Response Center) blog, program manager Stephen Toulouse said the SetAbortProc functionality was a component of the graphics rendering environment needed for applications to register a callback to cancel printing, before the WMF file format even existed. "Remember, those were the days of cooperative multitasking, and the only way to allow the user to cancel a print job would be to call back to them, usually via a dialog. Around 1990, WMF support was added to Windows 3.0 as a file-based set of drawing commands for GDI to consume," Toulouse said. "The SetAbortProc functionality, like all the other drawing commands supported by GDI, was ported over (all in assembly language at this point) by our developers to be recognized when called from a WMF. This was a different time in the security landscape and these metafile records were all completely trusted by the OS. To recap, when it was introduced, the SetAbortProc functionality served an important function," he added.

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re: Microsoft Ships First Vista Security Patches
« Reply #1 on: January 16, 2006, 06:33:17 PM »
not even public yet and it already needs security patches
"People who are really serious about software should make their own hardware." - Alan Kay

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48524
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Microsoft Ships First Vista Security Patches
« Reply #2 on: January 17, 2006, 02:02:35 AM »
If my memory serves me right, OSX also needed a few when it first came out. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

justin1278

  • Guest
Re: Microsoft Ships First Vista Security Patches
« Reply #3 on: January 17, 2006, 04:09:22 AM »
Hello,

With OSX it doesn't really matter if you update or not. There are only a few viruses out there and the odds of getting 1 are slim to none. With Windows it's a different story. Whenever someone has or has had a problem it is mostly because there windows machine is not fully updated.

Staind

  • Guest
Re: Microsoft Ships First Vista Security Patches
« Reply #4 on: January 17, 2006, 04:12:12 AM »
I believe the OSX flaws should be updated as they are released.  With Mac you don't need to worry about viruses, but not all updates are virus-related.

CharleyO

  • Guest
Re: Microsoft Ships First Vista Security Patches
« Reply #5 on: January 17, 2006, 07:07:35 PM »
***

Just remember this, friends ......

Whatever OS is most used will be the most vulnerable and the most attacked.    :(

When someone(s) wants to attack someone or something, they go for the most damage ... in this case, the most used OS.

That just the way it is.


***

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5093
Re: Microsoft Ships First Vista Security Patches
« Reply #6 on: January 19, 2006, 04:39:03 AM »
Mac OS X had 9 security updates issued by apple last year. they related to Java, safari, quicktime and other apps, very few have to do with the OS itself unlike windows
"People who are really serious about software should make their own hardware." - Alan Kay