- Tuesday, 10 November 2009
- INQ Mobile
- RSS
I have opinions of my own - strong opinions - but I don't always agree with them - George Bush
Microsoft patches 'evil' bug
Nibble
Kernel clunk
Wednesday, 11 March 2009, 13:46
MICROSOFT HAS REPAIRED has repaired a kernel bug in Windows which was dubbed evil by insecurity experts.
The patch, MS09-006, fixed a vulnerability in the kernel which meant that all a victim had to do was look at a webpage to be infected.
MS09-008 fixed four separate flaws in Windows' DNS and WNS servers and Microsoft tells us it is very important.
L'Inq
VNUNet
Share this:
Share
Advertisement
Subscribe to the INQ Newsletter
Sign-up for the INQBot weekly newsletter
INQ Whitepapers
Business Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
Jobs
Advertisement
INQ Poll
Although Update Might Be light, Another Thing to Do On Patch Tuesday Is Address All Compromised Partitions With Extra Hard Registury Cleaner, Try msn tech downloads for sample, Removed 6,710 of Buggers just Yesterday. Defrag & Try to Unblock partition thru computer on wporking partition.Speedo UP Memory. Its Simple & Every 4 Months Spending Day Trying Everything including Restore & NewsGroups is way to spend Sunny, Not HOT, Afternoon. Might Pick UP Some REAL Space.AdViseMent By: drashek
"The patch, MS09-006, fixed a vulnerability in the kernel which meant that all a victim had to do was look at a webpage to be infected."
I'm guessing that a victim had to be using Internet Exploder for this to be an issue - which should be the ONLY browser out there with security holes to the kernel.
Why any user would expose their system to such ugly security holes by using IE is way beyond me...
HB
@Hucklebuck:
Well guess what, not every security hole can be circumvented by using Firefox because Firefox also has to use GDI to draw content and the bug is in the GDI passing unvalidated input to the kernel mode (or as some would say "to the other side of a fence").
http://www.microsoft.com/technet/security/bulletin/ms09-006.mspx
Wasn't it a couple of months back that Safari for Windows was doing the same thing you are accusing IE of? That browser would download and automatically run all applications from the net without user authorization, and run them administratively
Bugs (and hackers) have to live,too. Bugs, and the opportunistic viruses that cohabit with them, gravitate toward financially-nutritious places riddled with holes and tunnels in which they burrow deep inside, hiding and gorging themselves and their masters.
Microsoft Windows operating systems are designed to fill all these requirements, and thus are natural habitats to a menagerie of various bugs and viruses.
It is not the bug's fault. If you happen to be bug-allergic, use Linux.
It's actually obvious. Firefox, IE, Opera, Safari, etc. All have vulnerabilities, hell Firefox and IE have the most. And yes, Firefox does have them.
At least Microsoft made a good move with it.