Exploit for "Zero-Day" Vulnerability Detected by Microsoft

[FreewheelinFrank]

@Bob

Have you called MS ?

Calls are charged at national rate. I might try tomorrow but if they keep me hanging on the line, I'm not going to run up a huge phone bill.

False positives aren't anything new and this isn't any different.

It's not a false positive: two of their patches collided in a traffic accident for some customers and they want those customers to pay to have the situation fixed- or wait for the next XP service pack, which is so far off on the horizon it's invisible.

I'm sure if this related to Firefox, your words would be a little kinder.

I don't know what this has to do with Firefox, but if Mozilla asked me to phone up customer support to get a hotfix and possibly pay for it I'd be just as pissed off.

@johnny223

There is no link. There's a link to customer support. In the UK it's a national rate telephone number. The page also is not clear whether a charge will be made for taking the call.

[DavidR]

Calls are charged at national rate. I might try tomorrow but if they keep me hanging on the line, I'm not going to run up a huge phone bill.

If it is an 0870 number try a search on that number in http://www.saynoto0870.com/ and see if there is an alternative geographic number.

I signed up and use http://www.call18866.co.uk/ to make calls to geographic numbers, there is a connection charge of 5p, but the rest of the call is no charge, free.

[bob3160]

Frank
I know it's not a false positive but the effect is similar.

[FreewheelinFrank]

Microsoft have obviously been reading my merciless ribbing and have put the hotfix on the web page:

http://support.microsoft.com/kb/935448/ 

(Requires WGAPluginInstall.exe and GenuineCheck.exe.)

[FreewheelinFrank]

Hotfix applied and no more problems. 

[avatar2005]

the update for ex-SU users is finally avaliable today. Yey! It takes Long time
 

[drhayden1]

what more next week
Next week is Patch Tuesday again:
Microsoft Security Bulletin Advance Notification
http://www.microsoft.com/technet/security/bulletin/advance.mspx
Updated: April 3, 2007

The next security bulletin advance notification is scheduled for April 5, 2007, and will outline information for the April 10, 2007 security bulletin release.

or am i reading it wrong

[avatar2005]

Yes I Think You are right, as far as I understood the next update will be on 10th of April 2007.
but I have a hypothetical question: are there some time to come, when Microsoft will fix all the holes in their Windows family product line?

[bob3160]

Yes I Think You are right, as far as I understood the next update will be on 10th of April 2007.
but I have a hypothetical question: are there some time to come, when Microsoft will fix all the holes in their Windows family product line?

Yes, right after people stop exploiting holes......

[OrangeCrate]

Yes, right after people stop exploiting holes......

Agreed, and I might add to that, when people stop running through the Internet barefooted and blind...

One of my favorite quotes:

"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning." -Rich Cook

[bob3160]

"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the universe trying to produce bigger and better idiots. So far, the universe is winning. -Rich Cook"

Confucius says  "People who skate the net without a condom are sure to wind up with a pregnant roller skate." 

[avatar2005]

  Funny, but true

[polonus]

Hi malware fighters,

The Microsoft patch has again caused trouble in Germany where an online taxpayers' program became corrupted through downloading the patch. The hotfix for this was not available on the german site at the time, but on an english site. The deadline for the german tax-collect is April 10th.
Haven't we developed all sorts of methods and techniques in software engineering to keep errors limited to a specific components, where changes in the implications of components or components do not have to lead to errors and failure. If the result of some buffer-overflow in the animated-mouse-cursor-component makes an application fail to respond, we have a case of "leaky abstractions", ill-chosen interfaces or a row of simple errors. When it was the first time this occured we could forgive M$, but this is not the first time....

polonus

[bob3160]

When it was the first time this occurred we could forgive M$, but this is not the first time....

Why isn't the blame put on the folks that caused the need for a patch in the first place. 
Why is it Microsoft's fault that hackers are breaking their code
This is like blaming  the homeowner for allowing a thief brake into his home. 

[DavidR]

They aren't breaking MS's code, rather finding vulnerabilities and exploiting them. The code was/is already broken.

The home owner who leaves the doors or windows open can hardly be surprised when they are burgled. Lock the doors and windows and you can rightly feel aggrieved at getting burgled.