Author Topic: Microsoft to issue cursor flaw patch early  (Read 4039 times)

0 Members and 1 Guest are viewing this topic.

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Microsoft to issue cursor flaw patch early
« on: April 02, 2007, 09:05:14 AM »
Microsoft said Sunday night that it is planning to make available this week a patch for a Windows flaw that has already been used in an attack.


http://news.com.com/Microsoft+to+issue+cursor+flaw+patch+early/2100-1002_3-6172364.html?tag=html.alert
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89640
  • No support PMs thanks
Re: Microsoft to issue cursor flaw patch early
« Reply #1 on: April 02, 2007, 02:49:18 PM »
That's handy as there are by all accounts lots of exploits out there, avast added numerous win32:ani- signatures in todays VPS update and over the last few days.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free  24.8.6127 (build 24.8.9372.862) UI 1.0.814/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline .: Mac :.

  • Avast Überevangelist
  • Ultra Poster
  • *****
  • Posts: 5092
Re: Microsoft to issue cursor flaw patch early
« Reply #2 on: April 02, 2007, 05:20:54 PM »
Good work, Im glad to see Microsoft responding quickly :)
"People who are really serious about software should make their own hardware." - Alan Kay

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Microsoft to issue cursor flaw patch early
« Reply #3 on: April 02, 2007, 10:22:29 PM »
Good work, Im glad to see Microsoft responding quickly :)

Not so Quickly, They've admitted to knowing about this flaw since Dec. of last year. If they're going to claim that Vista is so secure, They're going to have to patch this stuff faster.


http://blogs.technet.com/msrc/archive/2007/03/30/update-on-microsoft-security-advisory-935423.aspx#Vulnerability
« Last Edit: April 02, 2007, 10:27:27 PM by marc57 »
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34047
  • malware fighter
Re: Microsoft to issue cursor flaw patch early
« Reply #4 on: April 02, 2007, 10:30:57 PM »
Hi marc57,

Cannot it be that we have to give the “Microsoft Tuesday” initiative another year or so before it collapses under the pressure of 3rd party patches.
As we know that this ridiculously simple stack overflow in the non-checked second part of the ANI-header was around since the days of Windows 3.1, that is prehistoric times in computer terms, what could be laying in wait for us, which make my assumption not so far fetched. As you are building code on code, and never came up with a general overhaul, we know where the "big hole" is.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

drhayden1

  • Guest
Re: Microsoft to issue cursor flaw patch early
« Reply #5 on: April 02, 2007, 11:08:30 PM »
isn't there another thread for this already guys-not trying to be rude or anything but just me ;D :D
http://forum.avast.com/index.php?topic=27500.0

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Microsoft to issue cursor flaw patch early
« Reply #6 on: April 02, 2007, 11:10:57 PM »
Hi marc57,

Cannot it be that we have to give the “Microsoft Tuesday” initiative another year or so before it collapses under the pressure of 3rd party patches.
As we know that this ridiculously simple stack overflow in the non-checked second part of the ANI-header was around since the days of Windows 3.1, that is prehistoric times in computer terms, what could be laying in wait for us, which make my assumption not so far fetched. As you are building code on code, and never came up with a general overhaul, we know where the "big hole" is.

polonus

Agreed polonus,  I think Microsofts biggest problem is that they have to wait for someone from OUTSIDE the company to tell them about these flaws.  if they were serious about security, they would use some of the billions they have to hire Hackers, by the hundreds if necessary, to do nothing but try to break into their software so they could issue these patches AS SOON AS POSSIBLE so as to not leave their customers exposed, waiting until the second Tuesday of the month.


While I think it's great there are third party patches out, It's still Microsofts responsibility to make sure their software is safe.
« Last Edit: April 02, 2007, 11:16:14 PM by marc57 »
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
Re: Microsoft to issue cursor flaw patch early
« Reply #7 on: April 03, 2007, 05:05:03 AM »
I agree that Tuesday patch is a bad policy as they could release some of the patches earlier.
I agree that they have a long journey to 'learn' what security is.
The best things in life are free.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4871
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Microsoft to issue cursor flaw patch early
« Reply #8 on: April 03, 2007, 10:18:46 AM »
Why is Microsoft hell-bent on ruining their reputation?

Quote
Microsoft had multiple chances to release a patch for the ANI (Animated Cursor) Exploit in the months of January, February, and March but failed to release any patches for the vulnerability that was originally disclosed privately to Microsoft on December 20 2006.  Now we're getting an emergency patch today one week before the regular patch cycle and Microsoft seems to think that this is a success story on their "quick" response to this zero-day exploit.  Here's what an MSRC blog has to say:

    "I’m sure one question in people’s minds is how we’re able to release an update for this issue so quickly"

Um no not really, the question on my mind is why has it taken Microsoft three and a half month to patch a vulnerability that was disclosed to them in secret, wait until after the vulnerability is being exploited in the wild, wait until after a third party comes out with a third party patch, and wait until after this became a public relations nightmare to come out with an out-of-band patch.

http://blogs.zdnet.com/Ou/?p=460
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: Microsoft to issue cursor flaw patch early
« Reply #9 on: April 03, 2007, 11:15:42 AM »
A very good read, Thanks FWF.
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!