Microsoft patches 'evil' bug

Nibble Kernel clunk

By Nick Farrell

Wed Mar 11 2009, 13:46

MICROSOFT HAS REPAIRED has repaired a kernel bug in Windows which was dubbed evil by insecurity experts.

The patch, MS09-006, fixed a vulnerability in the kernel which meant that all a victim had to do was look at a webpage to be infected.

MS09-008 fixed four separate flaws in Windows' DNS and WNS servers and Microsoft tells us it is very important.

L'Inq
VNUNet

Microsoft’s January Patch Tuesday fixes a critical Windows Media flaw Totals eight vulnerabilities Wednesday, 11 January 2012, 16:26 PM Read more	Microsoft patches 23 flaws in multiple products Internet Explorer updates are the most urgent ones Wednesday, 12 October 2011, 15:42 PM Read more
Microsoft will patch critical IE and .NET bugs next week Eight bulletins cover two dozen flaws Friday, 7 October 2011, 16:27 PM Read more	Microsoft and Adobe release security updates Remote code execution flaws patched Wednesday, 14 September 2011, 13:32 PM Read more
Microsoft fixes Pwn2own Internet Explorer hole Along with 63 other software vulnerablities Wednesday, 13 April 2011, 11:14 AM Read more	Microsoft will fix 64 flaws with April Patch Tuesday Lots of security updates Friday, 8 April 2011, 12:23 PM Read more

< Previous article| Next article >

Comments

Pshh... All browsers are vulnerable

It's actually obvious. Firefox, IE, Opera, Safari, etc. All have vulnerabilities, hell Firefox and IE have the most. And yes, Firefox does have them.

At least Microsoft made a good move with it.

posted by : Smalls, 13 March 2009 Complain about this comment

Don't blame the bugs!

Bugs (and hackers) have to live,too. Bugs, and the opportunistic viruses that cohabit with them, gravitate toward financially-nutritious places riddled with holes and tunnels in which they burrow deep inside, hiding and gorging themselves and their masters.

Microsoft Windows operating systems are designed to fill all these requirements, and thus are natural habitats to a menagerie of various bugs and viruses.

It is not the bug's fault. If you happen to be bug-allergic, use Linux.

posted by : Orkin man, 13 March 2009 Complain about this comment

@Hucklebuck

Wasn't it a couple of months back that Safari for Windows was doing the same thing you are accusing IE of? That browser would download and automatically run all applications from the net without user authorization, and run them administratively

posted by : John Tagart, 12 March 2009 Complain about this comment

@Hucklebuck

@Hucklebuck:

Well guess what, not every security hole can be circumvented by using Firefox because Firefox also has to use GDI to draw content and the bug is in the GDI passing unvalidated input to the kernel mode (or as some would say "to the other side of a fence").

http://www.microsoft.com/technet/security/bulletin/ms09-006.mspx

posted by : Igor, 12 March 2009 Complain about this comment

Duh

"The patch, MS09-006, fixed a vulnerability in the kernel which meant that all a victim had to do was look at a webpage to be infected."

I'm guessing that a victim had to be using Internet Exploder for this to be an issue - which should be the ONLY browser out there with security holes to the kernel.

Why any user would expose their system to such ugly security holes by using IE is way beyond me...

posted by : Hucklebuck, 11 March 2009 Complain about this comment

Extra Stuff for Darn Patch Tuesday....

Although Update Might Be light, Another Thing to Do On Patch Tuesday Is Address All Compromised Partitions With Extra Hard Registury Cleaner, Try msn tech downloads for sample, Removed 6,710 of Buggers just Yesterday. Defrag & Try to Unblock partition thru computer on wporking partition.Speedo UP Memory. Its Simple & Every 4 Months Spending Day Trying Everything including Restore & NewsGroups is way to spend Sunny, Not HOT, Afternoon. Might Pick UP Some REAL Space.AdViseMent By: drashek

posted by : Techie, 11 March 2009 Complain about this comment

INQ White papers

Databases

Network management

Security

Service oriented architecture

Storage

INQ Jobs

VB.NET Web Developer

VB.NET Web Developer V...

INQ Poll

Authorities in several countries raided Megaupload recently, shut down all of its services, seized hundreds of servers and arrested several of its executives on criminal charges.

Do you think the move was justified?

Yes, companies should suffer an immediate death penalty upon being accused of copyright infringement.

Yes, the coppers said the company was breaking the law so it must be guilty.

No, the company and the people accused are innocent until proven guilty.

No, the company had millions of customers who have been harmed by having access to their data files cut off.

I don't care, I never used Megaupload anyway.

View other polls

© Incisive Media Investments Limited 2012, Published by Incisive Financial Publishing Limited, Haymarket House, 28-29 Haymarket, London SW1Y 4RX, are companies registered in England and Wales with company registration numbers 04252091 & 04252093

SEARCH :

Site Credentials:

Business & Technology websites:

Business research resources:

Products:

Investment Market IT websites:

Find out what you are worth:

Salary Calculator

Search for a job:

Recruitment Agency A-Z Directory

Accreditations:

Digital Publisher of the Year 2010

Microsoft patches 'evil' bug

Share this:

RIM Playbook OS 2.0 and Blackberry 7.1 video demo

Nokia Lumia 710 video review