Weekly Microsoft Critical Security Issue

CmdrTaco posted more than 11 years ago | from the yet-another-choice-hole dept.

Security 518

An anonymous reader sent in linkage to a zd story discussing the latest Windows Security Patches including an especially nice hole letting Java apps gain total control of your machine and assist you in reclaiming disk space by, say, reformatting your drive.

518 comments

First fucking bost! (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5703556)

babyfuckers!

fp? (-1, Redundant)

Anonymous Coward | more than 11 years ago | (#5703565)

fp-Lou.iz?

First Post 2pm EST (-1, Redundant)

fprog (552772) | more than 11 years ago | (#5703569)

first post!

It's about time... (4, Funny)

slide-rule (153968) | more than 11 years ago | (#5703571)

... that my Java skills can be used for evil, rather than good. ;-)

Front Page news (0, Redundant)

Anonymous Coward | more than 11 years ago | (#5703572)

Yawn.. yet another security hole. FIRST thing in the morning. What am I supposed to POST?

Bring on some news please..

jvm (5, Interesting)

AbdullahHaydar (147260) | more than 11 years ago | (#5703575)

which virtual machine is it that caused this? The one before or after Microsoft added their own extensions? (which caused the whole MS-Sun lawsuit)

Re:jvm (4, Informative)

jhouserizer (616566) | more than 11 years ago | (#5703599)

It's MICROSOFT'S JAVA IMPLEMENTATION.

The problem is NOT Java.

The problem is (and always has been) Micro$oft's purposely broken version of Java.

Re:jvm (5, Insightful)

fervent_raptus (664099) | more than 11 years ago | (#5703723)

I doubt Microsoft would intentionally break their own version of Java. Of course they want to make Java look bad, but creating holes in their own version would simply cause people to switch to Sun's version.

Re:jvm (1)

jhouserizer (616566) | more than 11 years ago | (#5703752)

Exactly how many Windows users (that aren't Java developers) have switched to Sun's version, rather than just turning off all Java support?

I'd guess the number is very near ZERO.

Re:jvm (3, Insightful)

Andrewkov (140579) | more than 11 years ago | (#5703792)

My company has an e-commerce site that our customers use to place orders, check stock, pick up invoices, etc. The app has many Java applets, and requires the Sun Java-Runtime, so we install it on all their PC's, so some people are using it!

Re:jvm (1)

Osty (16825) | more than 11 years ago | (#5703835)

Exactly how many Windows users (that aren't Java developers) have switched to Sun's version, rather than just turning off all Java support?

I'd guess the number is very near ZERO.

I'd guess you're correct. Why? Well, 99.995% of all java applets on web pages are horrible wastes of time (the best I've seen are DSLReports' Java tools, and even those are pretty flakey and barely useful). At the same time, Java for client-side applications is fairly aborted. Unless you're a Java developer, you're probably never going to use an application written in Java (and if you are a developer, usually the only Java-based app you use is your choice of IDE).


Java may be great on the server side, but it's a waste of time on the client side. Can you blame users for not bothering to get Sun's version of the JVM?

Re:jvm (1)

pkunzipper (652520) | more than 11 years ago | (#5703826)

In March of 2002, Sun Microsystems sued Microsoft, alleging in part that distributing the Microsoft VM in Windows XP to customers who wanted it via the Web was not authorized by Microsoft's license and therefore constituted copyright infringement.
- Source
M$ built VM so that customers should not have to turn to the web directly to have to find the Java download, and they neglected to make Java a part of Windows Update. Instead they built their own version so that it could still use the name Window$. This is where the bug is.

RTFA (4, Informative)

Dr. Bent (533421) | more than 11 years ago | (#5703613)

In the second paragraph:

The three warnings, all issued on Wednesday, involve the Microsoft Virtual Machine for running Java applets on Windows

So it's Microsoft's VM implementation...

Re:RTFA (1)

AbdullahHaydar (147260) | more than 11 years ago | (#5703684)

It's not as clear cut as that....Microsoft was calling it the Microsoft Virtual Machine from the first day they included it with Windows, even when it was 100% Sun.

But quickly fixed... (5, Informative)

pro-mpd (412123) | more than 11 years ago | (#5703581)

OK, so I hate MS for building unsafe software. But this time, I have to give them credit. I woke up this morning to my computer telling me that there was a critical update waiting to be installed, and it was this one. I read about the vulnerability on the web *after* installing the patch, so I am kinda glad that MS shoves updates down my throat.

Re:But quickly fixed... (5, Interesting)

ManUMan (571203) | more than 11 years ago | (#5703651)

One can be excited when they patch things this quickly. My real concern is as to whether we will see tons of patches for forthcoming software. That is, will all of the talk of more 'secure' computing be just talk.

I certainly agree that Win 2k, XP, etc. all seem to have more security bugs than you can shake a stick at. Given the problem, the question is can MS make any sort of headway? Can they actually offer a product that will really be stable and secure? My theory is that we will know a lot more about the answer to these questions in six months. If Win 2003 server has 18Mb of patches in the first 6 months then we will know the answer. Personally, I am hoping they start doing better.

Re:But quickly fixed... (1)

old7 (564621) | more than 11 years ago | (#5703755)

And what about the time that the "fix" breaks more than it fixes. Microsoft has done this more than once. Old7

Reformatting my hard drive (5, Funny)

s20451 (410424) | more than 11 years ago | (#5703583)

That'll work out great. I just downloaded the RH9 ISOs.

Re:Reformatting my hard drive (1)

ManUMan (571203) | more than 11 years ago | (#5703672)

I downloaded RH9 last week. Nice kiddies; however, I have already started downloading updates and security patches.

Re:Reformatting my hard drive (1)

buswolley (591500) | more than 11 years ago | (#5703766)

A great java bug would cause the infected computer to download the Mandrake iso's and perform the install after the disk format..
if a virus of this sort were possible, and bandwidth bigger it would be interesting to see a rampant virus of Penguins.

Re:Reformatting my hard drive (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5703793)

ignorant asshole

Like XBill? (1)

runlvl0 (198575) | more than 11 years ago | (#5703858)


if a virus of this sort were possible, and bandwidth bigger it would be interesting to see a rampant virus of Penguins.

You mean, like in xbill [xbill.org] ?

Re:Reformatting my hard drive (0)

Anonymous Coward | more than 11 years ago | (#5703821)

and now you'll get weekly updates from Red Hat ;-). at least I do.

I don't think we can be too critical, actually. (4, Interesting)

caluml (551744) | more than 11 years ago | (#5703584)

It hasn't been too nice for Open Source recently though has it?

Couple of remote roots in Samba, a local ptrace in the kernel and a few OpenSSL probs to get you on the system initially.

Re:I don't think we can be too critical, actually. (1)

rf0 (159958) | more than 11 years ago | (#5703735)

And apache DOS, Sendmail holes...Point well taken

Rus

Re:I don't think we can be too critical, actually. (1)

AgentUSA (251620) | more than 11 years ago | (#5703763)

Gentoo has put out 61 security alerts so far this year.

Hmm... (1, Insightful)

M.C. Hampster (541262) | more than 11 years ago | (#5703589)


Oh, you mean the vulnerabilities that I've already patched?

Thank Goodness... (2, Funny)

Anonymous Coward | more than 11 years ago | (#5703590)

They don't run sendmail! Can you imagine having to keep up with patching Windows AND sendmail?!

Hmm... (4, Interesting)

Anonymous Coward | more than 11 years ago | (#5703592)

Doesn't it seem just a little strange that the Java VM, which MS removed from XP until it was forced to reinclude it by court order (still under appeal, I believe), has a critical security hole found?

The timing seems a little too good to be true...

Re:Hmm... (4, Informative)

jhouserizer (616566) | more than 11 years ago | (#5703627)

Actually the court order is to put Sun's version of the JVM into Windows - exactly to fix this type of stupid problem.

JDK (5, Funny)

WPIDalamar (122110) | more than 11 years ago | (#5703598)


Good thing Microsoft JRE is so broken, that all exploits ended up not working!

Write once, debug everywhere.

Re:JDK (1)

JUSTONEMORELATTE (584508) | more than 11 years ago | (#5703720)

Write once, debug everywhere.

That's copyrighted by Symantec -- it was the ad tagline for the debugging component of Visual Cafe.
I don't think they knew how funny it was, but I had it on my cube wall for a time (1998-1999 era)

--

Ok (2, Insightful)

MisterFancypants (615129) | more than 11 years ago | (#5703606)

Ok well Linux users have been hammering on the "Windows is insecure" thing for what -- 6 years now? And Windows' market share is as good as it ever was, perhaps even a bit better. Time to try a new strategy? This one is getting boring!

Re:Ok (-1, Troll)

garcia (6573) | more than 11 years ago | (#5703650)

what in the hell are you talking about? We have been over this 1000s of times.

1. Windows is PROVEN to be more insecure than alternative OSs (including Linux).

2. Windows is FORCED upon users due to monopoly status by MS.

3. Because Windows has such a dominance in the marketplace (in which a good majority of its users are not "good" with computers) it is far more dangerous for a problem to come about on Windows than any other OS.

Re:Ok (0, Offtopic)

sheldon (2322) | more than 11 years ago | (#5703705)

"You know you are famous when you have your very own stalker [slashdot.org] "

I have like a dozen stalkers on slashbot.

Anyway, I'm assuming your post was a troll because I can't imagine anybody being stupid enough to really believe those claims.

Re:Ok (-1, Flamebait)

Xerithane (13482) | more than 11 years ago | (#5703816)

2. Windows is FORCED upon users due to monopoly status by MS.

Yeah, because this one time, at band camp, I tried to install OS/2 Warp on my laptop, and this guy, he like came out of the bushes, and he said, you know, you better not do that, because if you do, I'll kill this puppy. Then he handed me a copy of Windows 98 and made me install it while he held a gun to a cute little puppy's head. After he left I tried to install OS/2 again, and the next day I found a puppy's head in my mailbox.

Mr. Garcia, you are a fucktard. Also, please go look up the definition to the words, "Proven" and "Forced" as I do not think they mean what you think they mean. You may also go to a community college and get a decent grasp on the English language, and do us all a favor.

Re:Ok (1)

cyb97 (520582) | more than 11 years ago | (#5703838)

How is it proven to be more insecure?
Not trying to be flamebait or anything here, but I'd like to see some evidence. Everywhere I turn I see somebody up on their soapbox shouting about this insecure Windows...
I myself use non-microsoft operating system not because of security, but another reason to add to my list would be great (with proof of course)...

Re:Ok (0)

Anonymous Coward | more than 11 years ago | (#5703667)

Well, Windows is insecure for 6 years and running. Open your eyes, it's not about market share for Linux.

Hit the monkey and win $$$! (1, Troll)

Seehund (86897) | more than 11 years ago | (#5703614)

So? Does this mean that they have found Java applets on the web that actually are not intended to be malicious?

Oh joy! Cha-ching!! (2, Insightful)

pair-a-noyd (594371) | more than 11 years ago | (#5703615)

More *bad* flaws in winblows!!
Mo money for me! Every time this happens I go out and patch up my customers. Cha-ching, cha-ching!

And I always offer and *suggest* that they go with Linux but they are *afraid* of change.
They would rather live in fear and subservience than live in security freedom...

Go figure..

Re:Oh joy! Cha-ching!! (2, Insightful)

fubar1971 (641721) | more than 11 years ago | (#5703846)

...security freedom...
Not that I love M$, but it seems that you're bashing Micro$haft unjustly. Linux seems to be pumping out even more fixes and patches than old Billy boy's crappy product.

It seems like for the last month or so I have received at least 2 RedHat erratas a day, and the majority of them are for security reasons.

For my RedHat email server, there have been 98 updates put out by RedHat and the Linux community. Of those 98, 16 were bug fixes, 4 were enhancements, and 78 were for security concerns. On my W2K workstation, I have installed 12 hotfixes and 3 service packs

Linux enthusiasts like you that bash Microsoft without knowing what you are saying make the entire Linux community look bad. Instead of bashing them, we should at least praise them for responding quickly (this time), once the bug was found.

People who throw stones....

Re:Oh joy! Cha-ching!! (0)

Anonymous Coward | more than 11 years ago | (#5703851)

Seriously...Linux can be just as insecure as Windows. I hate when THAT is shoved down people's throats.

BTW - I use Linux & Windows so I have no loyalty either way. I just wanted to make a point.

Not quite true... (4, Insightful)

presroi (657709) | more than 11 years ago | (#5703617)

I don't agree with the intention of the message. While it is true that this bug allows the execution of commands, it does this only with the rights of the owner of the user account. In Unixian, this is not a remote root exploit.

Nevertheless, my last sentence becomes quite irrelevant, as Windows users tend to work as $root.

Re:Not quite true... (1)

st0rmcold (614019) | more than 11 years ago | (#5703659)


In that case you can't fully blame m$, as you wouldn't blame a unix manufacturer if a unix admin was always running root, and a small bug could prove to be disastrous.

Formatting bad?? (-1, Redundant)

Archangel Michael (180766) | more than 11 years ago | (#5703620)

You know, reformatting a drive that has Windows on it isn't necessarily a bad thing. It just allows us to deploy Linux much quicker to the desktop. ;-)

Re:Formatting bad?? (0)

Anonymous Coward | more than 11 years ago | (#5703666)

YUO = TEH FUNNEY!!!!!!!!!!!!!!11!!!!!!!!1111111 LOLOLOLOLOLOLPENIS

Re:Formatting bad?? (1)

ChaoticChaos (603248) | more than 11 years ago | (#5703741)

Linus? Is that you?

And in other news... (3, Insightful)

purduephotog (218304) | more than 11 years ago | (#5703625)

... I've received about 30 RHN "Security Updates" via email in the last 2 weeks... and their servers are slammed so that I can't download a single one of them.
Would this be considered Microsoft bashing? Nahhhhh....
But of course I won't mention that windows Update is free and it worked immediately after I got notice of the patch.

Re:And in other news... (1)

greenskyx (609089) | more than 11 years ago | (#5703712)

>But of course I won't mention that windows Update
>is free and it worked immediately after I got
>notice of the patch.

You also won't mention that if you paid $60 (1 year or $5/month) for your RHN subscription you would have been able to download the rpms without any problems.

Also if you wanted to continue to be a freeloader you could have got the rpms off a mirror site like freshrpms.

You should also mention how much you paid for Windows or how much you had to pay for it when it came bundled with your Dell... It is most likely more than $60....

Re:And in other news... (1)

frank_adrian314159 (469671) | more than 11 years ago | (#5703728)

RHN "Security Updates"... and their servers are slammed so that I can't download a single one of them.

Really? I've had no problem whatsoever. up2date seems to grab them fine for me. Then I can ship them to whichever machine I want to.

Must be your network...

Re:And in other news... (1)

Seehund (86897) | more than 11 years ago | (#5703731)

OTOH, you paid for Windows (didn't you? ;)) which includes Windows Update access. If you paid for an RHN subscription, you wouldn't be locked out of RHN via up2date when load is high. You can still log in to your personal RHN page and select/download/install the updates manually, even with the free service.

Re:And in other news... (1)

fyrie (604735) | more than 11 years ago | (#5703799)

I'm pretty much used to getting multiple RH notifications every day. At least Bill Gapes keeps his down to a few a month.

Re:And in other news... (0)

Anonymous Coward | more than 11 years ago | (#5703833)

You're conveniently ignoring that Redhat's updates are for ALL >1000 packages installed on the system. Microsoft's are for WINDOWS OS only!
A better comparison would be how often do you receive a patch for the linux OS vs Windows OS.
Look troll, if you are gonna rag on linux at least do some research.

Re:And in other news... (0)

Anonymous Coward | more than 11 years ago | (#5703842)

It's not free for those of us with cracked XP professional running on our boxes. (unless someone can help a brotha out?)

Re:And in other news... (1)

spacefight (577141) | more than 11 years ago | (#5703845)

Similar to the other poster: You still can grab all the updates for your affected system directly via the provided links in the RHN Alert mail and load them via rpm -U or whatever you like.

Re:And in other news... (1)

div_2n (525075) | more than 11 years ago | (#5703862)

Are you so sure that ALL of them are security updates? I see ones that are bugfixes go by occasionally.

Now... (-1)

DrWhizBang (5333) | more than 11 years ago | (#5703633)

one can write exploits for Microsoft operating systems that can run on unix as well - without a recompile!!!

Well, darn. (1)

LemurShop (585831) | more than 11 years ago | (#5703637)

And here I was thinking that java apps just bothered to slow my box down to a halt, crashing every program in sight and just being a total pain in the ass and a memory hog. *meany* :)

Java isn't meant to work on browsers any more, (I could argue that it was never meant to work on any browser, ever, but mayhaps another time). Many geeks I know keep java turned off altogether. But hey, a reformat sounds pretty good right now...

Re:Well, darn. (1)

mysterious_mark (577643) | more than 11 years ago | (#5703856)

Just stop whining and get the latest JRE from Sun, also you can compile your java apps into native code, sounds like you're spreading MS anti-java propaganda. MM

Finally! (2, Funny)

Anonymous Coward | more than 11 years ago | (#5703639)

/* sarcasm */

Finally someone wrote something to get rid of all that spyware that's installed itself on my system! Thank you MS!

How about "Weekly whinge and moan about MS" instead (1, Flamebait)

Pvt_Waldo (459439) | more than 11 years ago | (#5703640)

As tiring as the updates are, it's even more tiring to hear the same old whinging about MS.

Re:How about "Weekly whinge and moan about MS" inst (1)

ChaoticChaos (603248) | more than 11 years ago | (#5703670)

Bill? Is that you?

Help me out here (3, Insightful)

The Bungi (221687) | more than 11 years ago | (#5703642)

Every time I head on over to SecurityFocus or even some of the Linux sites that aggregate feeds from security sites I see a bunch of Linux and BSD - and all manner of open source software - holes, exploits and vulnerabilities. They apparently get reported and patched with the same speed as the Microsoft (and other platform) security problems. So why isn't there a "Weekly Linux Critical Security Issue" as well?

Just curious. I mean, if the intent is to inform.

Re:Help me out here (-1, Troll)

sheldon (2322) | more than 11 years ago | (#5703676)

You're right... Last year Redhat issued nearly twice as many security bulletins as Microsoft.

I'm increasingly convinced that Linux is dying off. The lies and distortions we are seeing on slashbot have become more and more desperate over the past two years.

Re:Help me out here (1)

stratjakt (596332) | more than 11 years ago | (#5703807)

Not only that, I've noticed that work on open source projects has slowed to a crawl since the dotcom bust.

I figure people realized that the 1) something with computers 2) ? 3) profit! business model doesn't work.

Many major OS projects just seem to be dead in the water, and haven't seen a new major release in months/years. I remember when there was some new and major update for something weekly.

Oh well, let's you and I just take our troll and flamebait moderations and move on.

Re:Help me out here (0)

Anonymous Coward | more than 11 years ago | (#5703854)

You see what you want to see.

Re:Help me out here (1)

LemurShop (585831) | more than 11 years ago | (#5703682)

Despite a severe lack of research on my part I have to doubt that windows security problems are patched as fast as linux/bsd security problems (not to mention comparison of severity between vulnerabilities). But that's just me, Linux Zealot, pissing in the wind. :)

Your sig (0)

Anonymous Coward | more than 11 years ago | (#5703730)

says it all.

Re:Help me out here (1)

Telastyn (206146) | more than 11 years ago | (#5703812)

From my experience Slashdot is pretty good about posting about any remote root exploit. Not their fault that most windows exploits tend to be of a severe type. [despite the fact that there are far fewer]

Because when you have a lamb and a wolf (0)

Anonymous Coward | more than 11 years ago | (#5703823)

You watch the wolf more closely.

More Anti-MS FUD! (3, Funny)

Anonvmous Coward (589068) | more than 11 years ago | (#5703646)

Geez guys, why can't you go a day without publishing anti-MS crap! Don't you think that if this were really a problem that people'd be aff.... K(R*AB(*D [NO CARRIER]

hard disk could be formatted? ok (2, Funny)

SourceHammer (638338) | more than 11 years ago | (#5703649)

One of the vulnerabilities in the VM if exploited could allow your hard disk to be formatted. Well, that takes care of that problem.

Dilemma. (5, Funny)

Anonymous Coward | more than 11 years ago | (#5703654)

So I now have two options.

* Let baddies in at their will.
* Run Windows Update, expose my machine to Msoft, sign away my soul through the patch EULA.

Help!

Re:Dilemma. (1, Insightful)

Balise42 (602049) | more than 11 years ago | (#5703787)

Third option * Format Windows, install Linux. No less security flaws, but no intrusive EULA.

This just in... (4, Funny)

Znonymous Coward (615009) | more than 11 years ago | (#5703668)

From the office of Iraqi Information Minister Mohammed Saeed al-Sahhaf (aka Baghdad Bob):

"Lies all Lies! The infidel Linux computers are not secure. The coilation will fall in the wake of the mighty secure Microsoft operating system!"

More at 11.

Re:This just in... (1)

Nethergoat (597008) | more than 11 years ago | (#5703780)

The coilation will fall in the wake of the mighty secure Microsoft operating system!

To which coilation do you refer? The Sudan Slinky Society? The Tunisian Tesla Turban-bearers?

Oh wait, I'm sorry, it's probably just the accent..

Microsoft saw this one coming (1)

Nethergoat (597008) | more than 11 years ago | (#5703671)

Hence java support not being built into XP?

We should ask a MS rep whether the java thing was actually to help clamp down on their monopoly, or if it's merely a result of their unwillingness to implement it securely.

"I'm sorry sir, but we don't make and/or sell coffee."

Not overly surprising (4, Insightful)

dtolton (162216) | more than 11 years ago | (#5703674)

As the main post points out this is pretty much a weekly news release from Microsoft. It's interesting because in some ways I get surprised by the severity of the bugs such as allowing a huge hole in the Java VM, that would allow someone to format your hard drive or a bug in Proxy Server that would allow a single malformed packet to max the CPU at 100%. On the other hand I'm surprised Microsoft doesn't have more of these bugs.

I think this is where the philosophical differences of Open Source Software really make a big difference. Even though OSS still has bugs, the live testing cycle is un-paralleled. However I think the biggest difference boils down to this: there is no one saying we have to have this product out the door by XX date. Rather it becomes stable when it's ready, but you can use the development version if you need or want.

As the lines of code in software grows and the complexity increases, I think we will see a greater number of more severe bugs in closed source systems. Ultimately I believe this will be one of the critical factors leading to OSS's long term success.

apps and applets (1)

Fujisawa Sensei (207127) | more than 11 years ago | (#5703675)

Java apps

That's applets, not apps, as in applications. Applets are supposed to run in your web browser's "sandbox" and not have access outside the browser to any system other than the one that it originated from. Applets can be signed and granted greater access.

Applets are under no such restrictions and can do what they want.

Applets, not apps. (3, Informative)

vidnet (580068) | more than 11 years ago | (#5703681)

Big difference. Apps have total control by default, while applets are supposed to be harmless.

I don't understand... (3, Insightful)

NetCurl (54699) | more than 11 years ago | (#5703688)

I can honestly say that it baffles me as to why Microsoft continues to hold such a huge stake in most of the computing world. I don't understand why people continue to digest what is carelessly tossed out of Redmond, WA.

I can understand the need for an array of software unavailable on any other platform (though, what percentage of that software is actually GOOD software?), and the platform standardization issues, maybe even "ease" of use, but honestly, the security and ridiculousness of the MS platform, ideology, and disregard of standards make me sick.

What is the continuing allure? Do you really not mind running machines that are completely insecure? And how can they not fix their own NT 4.0 code? That's absurd. They pitch this solution for years, and bail when the cost to fix their crap gets too high.

I'm not trolling, I'm baffled. Someone tell me why this continues?

Re:I don't understand... (0, Troll)

stratjakt (596332) | more than 11 years ago | (#5703733)

Because linux is no more secure, despite what you read here on slashdot or other zealot forums.

The samba root exploit, and the ability to brute force the root password via swat, went a decade without being patched. They were exploited endlessly.

The 'thousand monkeys at a thousand keyboards' approach to Open Source software is no more effective than piecewise regression testing at a commercial house.

In short, Windows still dominates the desktop because security-wise, there's nothing else for the x86 architecture to beat it, and feature-wise, it reigns supreme.

Man, they're makin' it easy! (2, Funny)

jpsst34 (582349) | more than 11 years ago | (#5703701)

"...and assist you in reclaiming disk space by, say, reformatting your drive."

Well, that takes care of the wicked-long step 1 in uninstalling windows and installing linux! [linuxworld.com]

That is, of course, if this vulnerability affects the version I'm running - Windows Herpes Edition.

Let the Slashdot Madlibs Begin. . . (5, Funny)

Fritz Benwalla (539483) | more than 11 years ago | (#5703706)


Let me save many of us some time:

"Well here we go again. A gaping security hole in Microsoft [ Operating System ]. This never would have happened if Bill Gates weren't just trying to make more money so he could buy more [ plural noun ] to fill up his mansion in [ place ]

This is just one more reason why [ circuit court ] should [ verb ] that [ expletive ] company once and for all.

[ Unix-based operating system ] only had this problem [ number ] in its entire history, and there was a patch posted in under [ number ] minutes!

[ Text-based word processor ] rulez! Micr- [ Insulting variation on 'soft' ] is the [ Traditional evil deity ]!"

-----

Re:Let the Slashdot Madlibs Begin. . . (1)

usotsuki (530037) | more than 11 years ago | (#5703850)

Here goes (LOL)

MS-OS/2, suicide bombers, [...], shoehorn, mf-ing, AtheOS, 6, 13, NewWord for CP/M-86, slush, Sett

*g*

-uso.
All randomly chosen, with no reference to reality.

i'm okay (4, Funny)

misterhaan (613272) | more than 11 years ago | (#5703708)

see, this is why i print out all of the data on my hard drives in binary every weekend.

Re:i'm okay (1)

RealErmine (621439) | more than 11 years ago | (#5703829)

Binary? That's lunacy!

You should try unary. If you use compression the ratio is fantastic!

This is Serious (1)

kietscia (149772) | more than 11 years ago | (#5703714)

"The Virtual Machine (VM) flaw is the most serious, meriting a "critical" rating from Microsoft."

Given their past record, the fact that M$oft considers this "critical" implies that one of the following is now extremely likely:
  1. Ice skate sales in Hades will now be profitable
  2. I will win the lottery
  3. The universe will implode into a pool of pink pudding

Amazing (1)

watzinaneihm (627119) | more than 11 years ago | (#5703721)

One more of those bugs which can crash your computer because you viewed a webpage. The irony is that the update link tries to do an update through a webpage, i.e. you connect to MS website and it checks your computer through IE and does an update. (It does give me a warning though.)
When will Microsoft (and others) understand that browsers are http clients and not meant to be used as means of running arbitrary code on a client machine, however secure it might be? The least you can do is to tell the client that code is being run on their machine.

Yes but ... (2, Insightful)

Mr_Silver (213637) | more than 11 years ago | (#5703747)

and assist you in reclaiming disk space by, say, reformatting your drive.

<reality check>

Until someone actually writes a massively spreading virus/worm that jumps from Windows PC to Windows PC doing precisely that (formatting hard drives) - people are just going to patch it and not even think about changing OS.

Hell, most people probably won't even patch it. What doesn't affect them, they don't care about.

</reality check>

So Happy It's Thursday (4, Funny)

wowbagger (69688) | more than 11 years ago | (#5703764)

Well, it is now officially Thursday. As I've said before, I think there should be an
Official
So
Happy
It's
Thursday for announcing MS holes.

This is great! (2, Funny)

rsilvergun (571051) | more than 11 years ago | (#5703768)

"...assist you in reclaiming disk space by, say, reformatting your drive." I've been looking for a good disk partitioning tool, and along comes Microsoft to help me out. Anyone know if a Linux port is in the works?

RH's Advisory of the Day? (1)

foo fighter (151863) | more than 11 years ago | (#5703794)

My Red Exclamation Mark has been lighting up much more frequently in the past couple months than my Automatic Update Icon.

Just an observation.

Bad Idea (1)

mysterious_mark (577643) | more than 11 years ago | (#5703800)

So maybe requiring MS to ship the OS with a JVM is a really bad idea! Of course their jvm has always sucked anyway, better to get the latest JRE from Sun. I'm sure M$ will blame java rather than their own incompetence for this. MM

Hey... (1)

Schnapple (262314) | more than 11 years ago | (#5703803)

...at least they're down to one a week now.

who works for microsoft? (1)

unigeek (663856) | more than 11 years ago | (#5703810)

OK, I am sure there are intelligent people working at microsoft. I do not use windows (except for gaming), and I am tired of seeing the problems. Anyone who has been in a decent computer science program or has experience knows better on coding. I know linux is a lot more secure so why can't they get it right? Who is leading them? I bet the help desk workers at MS are pushing the bugs into production so they can justify their existence. I mean this has to cost them a lot of money (even after recouping tech support to fix their own errors), fix things already.

Re:who works for microsoft? (0)

Anonymous Coward | more than 11 years ago | (#5703860)

Shut up slashbot, you have nothing to add to this conversation, have never coded anything, and have no idea what you're talking about.

You're a sycophant, plain and simple.

Pre-emption (2, Funny)

mysterious_mark (577643) | more than 11 years ago | (#5703824)

This clearly is a bug of 'Mass Destruction', the only thing a responsible democracy can do is invade Redmond, and pull down Bill Gates statue, Is the 10th infantry div still busy? MM

Hmmm..... (0)

scourfish (573542) | more than 11 years ago | (#5703841)

No, this is a good thing. You see, the only way Sun is going to be able to compete with Microsoft's .net implementation is if they have a special Java runtime environment designed to mimic .net's features, right down to stability and security. Don't you see, Microsoft is doing Sun a favor.