Yet more Windows XP security patches


Borgholio

Now before I continue, I just want to let everybody know that I'm NOT trying
to troll here. I'm not a Microsoft-hater, but there are just some things
that are inexcusable and that I MUST rant about. It's nothing new
actually...about a dozen security patches to install. Happens all the time.
Today, however, something just stuck in my craw. Here are the
descriptions of two patches waiting to be installed:



Size: 483 KB - 566 KB

A security issue has been identified in the Plug and Play service that could
allow an attacker to compromise your Microsoft Windows-based system and gain
control over it. You can help protect your computer by installing this
update from Microsoft. After you install this item, you may have to restart
your computer.

More information for this update can be found at
http://go.microsoft.com/fwlink/?LinkId=48900




Size: 494 KB - 550 KB

A security issue has been identified in the Print Spooler service that could
allow an attacker to compromise your Microsoft Windows-based system and gain
control over it. You can help protect your computer by installing this
update from Microsoft. After you install this item, you may have to restart
your computer.

More information for this update can be found at
http://go.microsoft.com/fwlink/?LinkId=48902




Plug and Play? PRINT SPOOLER???? Is there ANYTHING that doesn't have a
security hole in it??? What's next, a security hole in the mouse driver? I
mean I understand if there's a hidden security hole in the TCP / IP stack
that nobody noticed, but the Print Spooler? Plug and Play? For crying out
loud...EVERY SINGLE security patch I downloaded today is to prevent "an
attacker to gain control over your system". From my personal experience, it
seems as if Microsoft designed Windows XP to be more accessible to the
outside world than to the actual user! What's their excuse for allowing so
darn many lapses in security to pass through QA?

In a nutshell, Microsoft's security sucks eggs. Why? Do they just not care
(as they pretty much bend people over a barrel when it comes to buying an
operating system)? Or are they just incompetent when it comes to security?
 

Fuzzy Logic

Borgholio said:
Now before I continue, I just want to let everybody know that I'm NOT
trying to troll here. I'm not a Microsoft-hater, but there are just
some things that are inexcusable and that I MUST rant about. It's
nothing new actually...about a dozen security patches to install.
Happens all the time.
Today, however, something just stuck in my craw. Here are the
descriptions of two patches waiting to be installed:

Size: 483 KB - 566 KB

A security issue has been identified in the Plug and Play service that
could allow an attacker to compromise your Microsoft Windows-based
system and gain control over it. You can help protect your computer by
installing this update from Microsoft. After you install this item, you
may have to restart your computer.

More information for this update can be found at
http://go.microsoft.com/fwlink/?LinkId=48900

Size: 494 KB - 550 KB

A security issue has been identified in the Print Spooler service that
could allow an attacker to compromise your Microsoft Windows-based
system and gain control over it. You can help protect your computer by
installing this update from Microsoft. After you install this item, you
may have to restart your computer.

More information for this update can be found at
http://go.microsoft.com/fwlink/?LinkId=48902

Plug and Play? PRINT SPOOLER???? Is there ANYTHING that doesn't have a
security hole in it??? What's next, a security hole in the mouse
driver? I mean I understand if there's a hidden security hole in the
TCP / IP stack that nobody noticed, but the Print Spooler? Plug and
Play? For crying out loud...EVERY SINGLE security patch I downloaded
today is to prevent "an attacker to gain control over your system".
From my personal experience, it seems as if Microsoft designed Windows
XP to be more accessible to the outside world than to the actual user!
What's their excuse for allowing so darn many lapses in security to pass
through QA?

In a nutshell, Microsoft's security sucks eggs. Why? Do they just not
care (as they pretty much bend people over a barrel when it comes to
buying an operating system)? Or are they just incompetent when it comes
to security?

The perception may be that Microsoft's security sucks but if you follow many
security groups you will quickly realize that there are security issues with
just about every piece of software out there. Here is a good place to start
to give you a feel for the magnitude and frequency of the issues:

http://www.us-cert.gov/cas/bulletins/index.html
 

kurttrail

Borgholio said:
Now before I continue, I just want to let everybody know that I'm NOT
trying to troll here. I'm not a Microsoft-hater, but there are just
some things that are inexcusable and that I MUST rant about. It's
nothing new actually...about a dozen security patches to install.
Happens all the time. Today, however, something just stuck in my
craw. Here are the descriptions of two patches waiting to be
installed:



Size: 483 KB - 566 KB

A security issue has been identified in the Plug and Play service
that could allow an attacker to compromise your Microsoft
Windows-based system and gain control over it. You can help protect
your computer by installing this update from Microsoft. After you
install this item, you may have to restart your computer.

More information for this update can be found at
http://go.microsoft.com/fwlink/?LinkId=48900




Size: 494 KB - 550 KB

A security issue has been identified in the Print Spooler service
that could allow an attacker to compromise your Microsoft
Windows-based system and gain control over it. You can help protect
your computer by installing this update from Microsoft. After you
install this item, you may have to restart your computer.

More information for this update can be found at
http://go.microsoft.com/fwlink/?LinkId=48902




Plug and Play? PRINT SPOOLER???? Is there ANYTHING that doesn't
have a security hole in it??? What's next, a security hole in the
mouse driver? I mean I understand if there's a hidden security hole
in the TCP / IP stack that nobody noticed, but the Print Spooler? Plug
and Play? For crying out loud...EVERY SINGLE security patch I
downloaded today is to prevent "an attacker to gain control over your
system". From my personal experience, it seems as if Microsoft
designed Windows XP to be more accessible to the outside world than
to the actual user! What's their excuse for allowing so darn many
lapses in security to pass through QA?
In a nutshell, Microsoft's security sucks eggs. Why? Do they just
not care (as they pretty much bend people over a barrel when it comes
to buying an operating system)? Or are they just incompetent when it
comes to security?

LOL, Bungholio! Under what rock have you been hiding?

It's not an either/or situation. MS doesn't care about security, and
they are incompetent too.

MS is spreading out to new markets that have grown out of MS negligence
when it comes to Windows security.

MS is beta-testing noOneCares right now. It is pretty lame, as it is
right now. AV/Firewall & backup software in an all-in-one solution.
The backup really sucks, as you need empty disk space
greater-than-or-equal-to the size of the files that are being backed up.
Eventually MS plans to bundle in ASW too.

And of course noOneCares will just add more holes to the Windows dyke
that malware writers will target.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
 

Alias

Borgholio said:
In a nutshell, Microsoft's security sucks eggs. Why?

They're too busy spending time and money on developing PA and WGA and the
consequent staff in India and Bolivia to monitor their paying customers.

Alias
 

Bob I

Bummer! As the clever malware writers discover new ways to redirect
"your PC", the preventive coding is referred to as "security patches".
You are aware of course that anti-virus databases are updated frequently
as well, aren't you? Would you prefer that this was not done? Pull the
network connection out of your PC and you don't have a thing to worry
about.
 

Yves Leclerc

Wonder what will happen when Apple completes the move to the x86 chip
platform? Will they have the same flaws as we see on Windows?
 

kurttrail

Bob said:
Bummer! As the clever malware writers discover new ways to redirect
"your PC", the preventive coding is referred to as "security patches".
You are aware of course that anti-virus databases are updated
frequently as well, aren't you? Would you prefer that this was not
done? Pull the network connection out of your PC and you don't have a
thing to worry about.

What an Ass! Like the malware writers created the holes in windows!

AV defs are written to prevent known virus/worms/trojans.

MS's patches are made to plug up a security defect in the Windows
patchwork quilt, before malware writers target it!

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"
 

Bob I

The underlying hardware isn't the issue. Re: Cisco routers

Yves said:
Wonder what will happen when Apple completes the move to the x86 chip
platform? Will they have the same flaws as we see on Windows?
 

Leythos

Borgholio said:
Plug and Play? PRINT SPOOLER???? Is there ANYTHING that doesn't have a
security hole in it??? What's next, a security hole in the mouse driver? I
mean I understand if there's a hidden security hole in the TCP / IP stack
that nobody noticed, but the Print Spooler? Plug and Play? For crying out
loud...EVERY SINGLE security patch I downloaded today is to prevent "an
attacker to gain control over your system". From my personal experience, it
seems as if Microsoft designed Windows XP to be more accessible to the
outside world than to the actual user! What's their excuse for allowing so
darn many lapses in security to pass through QA?

In a nutshell, Microsoft's security sucks eggs. Why? Do they just not care
(as they pretty much bend people over a barrel when it comes to buying an
operating system)? Or are they just incompetent when it comes to security?

Show me one OS and its applications that doesn't have any holes and
I'll show you a system that isn't used for much.

While Windows does have a lot of issues, it works with about everything
on the planet, works for most every level of user, can easily be
secured, and is very stable and reliable. The same can not be said about
most other platforms (in case you didn't know, I also run Linux and
understand the differences). Even MAC OS/X has security holes and
updates, same with Linux, HP-UX, etc....

If you understood security you would have already learned how to secure
your system from all of the named exploits, your network, your
applications, etc.... Most of the security issues are meaningless on a
properly set up system/network.
 

Leythos

Yves said:
Wonder what will happen when Apple completes the move to the x86 chip
platform? Will they have the same flaws as we see on Windows?

The CPU has nothing to do with it - when Apple moved to OS/x there were
a lot of exploits related to security, as systems move to where they can
be used by more and more people, access more and more hardware, there
will be holes that get exposed. It doesn't matter what OS you run, none
are perfect. It's about knowing what holes are there and how to make
them a non-issue for your system/network.
 

Don Taylor

Borgholio said:
Now before I continue, I just want to let everybody know that I'm NOT trying
to troll here. ....
Plug and Play? PRINT SPOOLER???? Is there ANYTHING that doesn't have a
security hole in it??? What's next, a security hole in the mouse driver?
In a nutshell, Microsoft's security sucks eggs. Why? Do they just not care

Don't laugh too hard.
One user here has an urgent priority patch for her Broadcom WinModem
sitting in the list of items from Microsoft.

Actually I've seen other hardware drivers be classified as urgent
priority patches for a month or two... and then they got demoted
to being optional hardware updates. That was probably a year or
two ago I last saw that in the updates list.

Borgholio said:
(as they pretty much bend people over a barrel when it comes to buying an
operating system)? Or are they just incompetent when it comes to security?

It is actually possible to write software that is tens or hundreds
or even thousands of times more reliable than what you usually see.
(I've actually worked on big projects in big companies that did it)
And it can actually end up being cheaper to do that than to flush crap.
But nobody seems to really care that much any more.
 

Don Taylor

Borgholio said:
Now before I continue, I just want to let everybody know that I'm NOT trying
to troll here. I'm not a Microsoft-hater, but there are just some things
that are inexcusable and that I MUST rant about. It's nothing new
actually...about a dozen security patches to install. Happens all the time.
Today, however, something just stuck in my craw. Here are the
descriptions of two patches waiting to be installed: ....
In a nutshell, Microsoft's security sucks eggs. Why? Do they just not care
(as they pretty much bend people over a barrel when it comes to buying an
operating system)? Or are they just incompetent when it comes to security?

And, to top it off, last night the

ITsafe Team
Making IT safe for You
http://www.itsafe.gov.uk
The UK Alerting and Advisory Service for Information and Communications
Technologies (ICT) Security

who provides advisories to people about current threats to Windows sent
out three messages informing people that critical updates were available
to fix problems with Windows.

A few hours later they revised their advice with this:

ITsafe Bulletin 2005/013A - UPDATE Number 1

What is it?
===========
Bulletin 2005-BUL-013 was issued on Tuesday 9th August, and related to
Microsoft Security Bulletin MS05-038 - a problem with "Microsoft Internet
Explorer" browser. Since then Microsoft have reported there have been
problems experienced with downloading the updates, and that they have been
temporarily removed. In addition, our UNIRAS partners report that
attempts are being made to use the problem fixed by this vulnerability to
attack computers.

What do I do?
================
Hold off updating your copy of Internet Explorer until the revised
download becomes available from Microsoft. ITsafe will issue an update
when this is available, and Microsoft's various automated update services
if enabled on your computer will detect the new update once re-released.
 

MAP

As with many so-called "critical patches", does the average "home user" need
them?
Before installing these updates it is best to read just what they do. Take the
PNP patch that you mention: the person exploiting this MUST have their hands
on your keyboard! (Or "Admin rights"; how would they get this if you secured
your system?)
A couple of years ago hotfix Q811493 (the first release) had this same
mitigating factor. Many installed it because of the "critical update"
header, and their system slowed down to a crawl. Did they need it? NO!
It takes longer to install these hotfixes reading each one, but on the
other hand it may keep your computer up and running by not installing some
that you really don't need which may screw your system up! I have read posts
already on this month's Patch Tuesday of problems with computers not booting
after installing these updates.


Mitigating Factors for Plug and Play Vulnerability - CAN-2005-1983:

On Windows XP Service Pack 2 and Windows Server 2003 an attacker must have
valid logon credentials and be able to log on locally to exploit this
vulnerability. The vulnerability could not be exploited remotely by
anonymous users or by users who have standard user accounts. However, the
affected component is available remotely to users who have administrative
permissions.

Just my 2 cents worth
Mike Pawlak
 

Alias

I downloaded them all except, of course, the malware removal tool and my
three machines run like silk so I guess what you say is false.

Alias
 
