More zero-day attacks plague Microsoft users

[imhotep]

More zero-day attacks plague Microsoft users

"Microsoft warned users of the issue on Thursday in a security advisory,
saying that public report have pinpointed an ActiveX component as the
source of the vulnerability, but that component merely exposes the
vulnerable Windows shell. The flaw affects every version of the operating
system, except for default installations of Windows 2003, the company said.

Zero-day attacks, especially against Microsoft's Office products, have
increased in frequency this year. On Tuesday, the company shored up a hole
in its Internet Explorer Web browser, following a number of high-profile
attacks that attempted to exploit the issue. The increasing trend of
zero-day attacks has come at a time when researchers are increasingly
taking Microsoft to task for its policies on the airing of flaw details."

http://www.securityfocus.com/brief/317?ref=rss

Imhotep

 

[imhotep]

More zero-day attacks plague Microsoft users

"Microsoft warned users of the issue on Thursday in a security advisory,
saying that public report have pinpointed an ActiveX component as the
source of the vulnerability, but that component merely exposes the
vulnerable Windows shell. The flaw affects every version of the operating
system, except for default installations of Windows 2003, the company
said.

Zero-day attacks, especially against Microsoft's Office products, have
increased in frequency this year. On Tuesday, the company shored up a hole
in its Internet Explorer Web browser, following a number of high-profile
attacks that attempted to exploit the issue. The increasing trend of
zero-day attacks has come at a time when researchers are increasingly
taking Microsoft to task for its policies on the airing of flaw details."

http://www.securityfocus.com/brief/317?ref=rss

Imhotep

Anyone wanna guess how long this one will be to patch???

Imhotep

 

[imhotep]

Microsoft Office vulnerabilities infect even fewer people than IE
vulnerabilities do. This will be a big non-issue, except for misguided
media articles. Antivirus on email gateways, servers and workstations
will quickly neutralize these attacks, as they have always done in the
past for Office-based worms.

I guess if that were true, people would never get infected with virsues,
spyware and malware now would they? But since they do....

Second, the lastest Microsoft critical security hole is a combination of a
shell vulnerability and Actice-X....quite serious....

Imhotep

 

[Roger Abell [MVP]]

If you wish to originate your posting to all of the newsgroups to which I
send
this, and to which you sent the posting to which this is a reply, then will
you
please cease setting follow-ups to be different from what you are doing when
you follow-up.

A simple matter of etiquette is it not ??

Roger

 

[Leythos]

If you wish to originate your posting to all of the newsgroups to which I
send this, and to which you sent the posting to which this is a reply,
then will you please cease setting follow-ups to be different from what
you are doing when you follow-up.

A simple matter of etiquette is it not ??

It's a old trolling tactic.

 

[Roger Abell [MVP]]

It's a old trolling tactic.

Well, it certainly has become old.
I just finally tired of the fragmented threads.

Roger

 

[imhotep]

If you wish to originate your posting to all of the newsgroups to which I
send
this, and to which you sent the posting to which this is a reply, then
will you
please cease setting follow-ups to be different from what you are doing
when you follow-up.

A simple matter of etiquette is it not ??

Roger

Not sure why that pisses you off. This is the second serious security hole
in Windows in less than a month. As such, it is good to keep everyone
informed....

 

[imhotep]

It's a old trolling tactic.

Whatever fool.

 

[imhotep]

Well, it certainly has become old.
I just finally tired of the fragmented threads.

Roger

Roger, you participate as much as anyone and cause some as well...stop being
a hypocrite.

 

[Roger Abell [MVP]]

Roger, you participate as much as anyone and cause some as well...stop
being
a hypocrite.

Bugger off if you cannot address the issue raised.
I rarely use follow-up headers, and usually so indicate
in the first line of my post when I do.
Your use of them is just leaving everyone to either follow
this in the IE sec group or to put up with a partial thread.
If you reply to something in IE sec, posted only to IE sec
then reply to it there and do not reestablish the full x-post
list whereby your reply shows up without the replied-to.

Roger

 

[Roger Abell [MVP]]

Not sure why that pisses you off. This is the second serious security hole
in Windows in less than a month. As such, it is good to keep everyone
informed....

I said nothing so crude as p*@! off !

If you choose to inform a large audience, as your choice of x-post NGs
indicated, then learn to control your usage of the follow-up header so
that you actually do keep that large x-post group in the thread.
If you are unable to learn how to use KNode so that it posts respectfully
then perhaps you need a different news client.

Roger

 

[imhotep]

I said nothing so crude as p*@! off !

"Pissed off" is neither crude nor rude. It is saying in American English
that translates to: Angry, etc

If you choose to inform a large audience, as your choice of x-post NGs
indicated, then learn to control your usage of the follow-up header so
that you actually do keep that large x-post group in the thread.
If you are unable to learn how to use KNode so that it posts respectfully
then perhaps you need a different news client.

Roger

Gee Roger, after going through the newspost the "follow up to" group is
correct set to the group I first send this
to "microsoft.public.internetexplorer.security". Is it that your news
client is malfunctioning or you need a lesson on how to read news header
information? If you do just let me know, I will help you out, again.

This thread is about the second highly critical security hole in Microsoft's
products in less than 3 weeks. If you have something to add, information,
an etp (estimated time to patch) anything of importance, please do. Please
also share the information with everyone since it affects so many. After
all that *IS* what newsgroups are for: Sharing information.

Now, do you have anything to share about this, the second highly critical
security hole in the Windows platform?

Imhotep

 

[imhotep]

Bugger off if you cannot address the issue raised.
I rarely use follow-up headers, and usually so indicate
in the first line of my post when I do.
Your use of them is just leaving everyone to either follow
this in the IE sec group or to put up with a partial thread.
If you reply to something in IE sec, posted only to IE sec
then reply to it there and do not reestablish the full x-post
list whereby your reply shows up without the replied-to.

Roger

Roger, again, this thread is about the second highly critical security hole
in Microsoft's platform in three weeks. If you have something to add or
help all the people using Microsoft's products please do. Somethings needs
to be done...

If you are going to waste people's time with your endless wining about
posting a security related post across multiple newsgroups, then you are
just wasting everyone time. Aren't you?

Questions:
Do you have knowledge about an ETP (Estimated Time to Patch) from Microsoft?

Do you have any knowledge about how people can protect themselves? Maybe not
use IE?

Do you have *any* relevant information to share?

Imhotep

 

[Roger Abell [MVP]]

"Pissed off" is neither crude nor rude. It is saying in American English
that translates to: Angry, etc




Gee Roger, after going through the newspost the "follow up to" group is
correct set to the group I first send this
to "microsoft.public.internetexplorer.security".

Then why is it that you are sending your replies to more than that group?
Please cure YOUR malfunction.
If you believe you do want all follow-ups to go to only your first listed
newsgroup, then NONE of your subsequent posts should go ANYWHERE
except there.

Roger

 

[imhotep]

Then why is it that you are sending your replies to more than that group?
Please cure YOUR malfunction.

Can you *not* read?

This thread is about the second highly critical security hole in Microsoft's
platform. Information should be shared as this is affecting everyone
(except default Windows server 2003). So, yes, I include this security post
(and replies) in multiple security newsgroups. This is done intentionally.

Now, that being said, do you have anything, anything whatsoever, to add or
help people with regard to the security hole?

If you believe you do want all follow-ups to go to only your first listed
newsgroup, then NONE of your subsequent posts should go ANYWHERE
except there.

Roger

Sending to multiple groups is designed so that people do not need to go to
multiple groups. However, this security IS relevant in MULTIPLE security
newsgroups.

Roger, this is the last time I will waste my time with your foolish
winning....

I am beginning to see that you do not have any usefull information to share.
You just want to wine and get some attention. Ok, you got your attention.
Not let others add information that will help prevent users from being a
victim of spyware, maleware and viruses.

Im

 

[Leythos]

Gee Roger, after going through the newspost the "follow up to" group is
correct set to the group I first send this
to "microsoft.public.internetexplorer.security". Is it that your news
client is malfunctioning or you need a lesson on how to read news header
information? If you do just let me know, I will help you out, again.

Actually, your Usenet client is not properly configured and I have to
edit every reply I make to you because of your improper use of "Follow
Up"

The messages in this thread are posted as follows:

Newsgroups: microsoft.public.internetexplorer.security,
microsoft.public.security, microsoft.public.security.homeusers,
microsoft.public.windowsxp.security_admin

You post with the following:
Followup-To: microsoft.public.internetexplorer.security

None of the rest of us do this - you are either doing it on purpose or
you don't know what you are doing.

 

[Leythos]

Sending to multiple groups is designed so that people do not need to go to
multiple groups. However, this security IS relevant in MULTIPLE security
newsgroups.

Then learn how to set a proper follow-up or just start posting it to
that group, in addition to the others.

Your current method is broken and makes you look like a troll.

 

[Leythos]

Whatever fool.

If you can't follow posting/reply standard, and appear to not understand
how to reply, then you should put your reply settings back to default -
if you want to include the security group then do so, in the main list,
but don't set follow-ups to a single group and then leave out the
others.

You are not fooling anyone.

 

[imhotep]

Then learn how to set a proper follow-up or just start posting it to
that group, in addition to the others.

Your current method is broken and makes you look like a troll.

It is called cross-posting. It is allowed via the protocols.

What exactly *is* a troll? Cross-posting a news reply relating to a highly
critical security hole to multiple security groups? Or replying to a thread
about the lastest security hold in Windows taking about cross-posting?

You and I definitely have a different definition about "trolling". I will
leave it at that.

Now, from now on let's stick to the topic and talk about the latest
Microsoft security hole (Active-X/Shell)...I think we would all be better
off don't you think?

Any news on when a patch will be out?

Any news on how to midigate this?

What should "common" user do?

Im

 

[Roger Abell [MVP]]

Then learn how to set a proper follow-up or just start posting it to
that group, in addition to the others.

Your current method is broken and makes you look like a troll.

I believe our attempts to assist Im in correct use of NNTP threading
so that the discussion does reach the "MULTIPLE security" NGs in
a meaningful, useful form will come to naught.