 |
« Microsoft, Novell and the big SCO Group ruling | Main | Microsoft licenses out its 'audio watermark' research »
Microsoft's August security patches, released today, provide a new chance to assess the company's promise of higher security in Windows Vista. The company released six critical security bulletins, and Windows Vista is among the versions affected by three of them.
Two of the critical bulletins involve earlier Windows versions, but not Windows Vista, suggesting that Microsoft avoided those problems in the new operating system.
But one of the three bulletins with the lower ranking of "important" affects Windows Vista alone. And it's an interesting one, dealing with RSS feeds and Windows Vista Gadgets. Here's the executive summary:
"This important security update resolves two privately reported vulnerabilities in addition to other vulnerabilities identified during the course of the investigation. These vulnerabilities could allow an anonymous remote attacker to run code with the privileges of the logged on user. If a user subscribed to a malicious RSS feed in the Feed Headlines Gadget or added a malicious contacts file in the Contacts Gadget or a user clicked on a malicious link in the Weather Gadget an attacker could potentially run code on the system. In all attack vectors, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights."
Gadgets are the small applications on the Vista desktop that provide snippets of information such as the time, weather and news headlines. Microsoft credits Aviv Raff of Finjan and Joshua Drake of iDefense Labs for finding elements of those problems.
One of the other "important" bulletins involves Windows Media Player, in Windows versions including Vista. And the third involves Virtual PC and Virtual Server.
Windows users who don't have Automatic Updates turned on can go to this page to download the patches for all the flaws. Mac and Linux users can commence with the obligatory comments below.
! Login below to post a comment.
Unregistered users, sign up now
Or post anonymously (About this feature)
P-I reporter
Have a news tip or a comment? E-mail me or call directly, 206-448-8221.
I think taking a larger share of Facebook would be a good move. Facebook is preparing itself to be the platform of the web and this is exactly what MS needs. Also incorporating facebook services with outlook and hotmail could be extremely useful. Unfortunately, a complete buyout would put MS's name behind the service which could turn users away (as fickle as young people are) so, like the previous 250 million investment, it would need to be quiet."
· Vista at One Year: Progress and Pain
· Computer shop's sales pitch: 'We remove Vista'
· Full text: Microsoft execs on Vista problems
· All stories and posts
Our interactive timeline analyzes three decades of key documents to provide a scrolling snapshot of the issues at the center of Microsoft's consciousness across the years.
| July 2008 | ||||||
| S | M | T | W | T | F | S |
| 1 | 2 | 3 | 4 | 5 | ||
| 6 | 7 | 8 | 9 | 10 | 11 | 12 |
| 13 | 14 | 15 | 16 | 17 | 18 | 19 |
| 20 | 21 | 22 | 23 | 24 | 25 | 26 |
| 27 | 28 | 29 | 30 | 31 | ||
Recent entries
· Ex-Microsoft manager sentenced to 22 months
· Ex-Microsoft manager asks judge for leniency
· PS3 sales rise on Metal Gear Solid 4 demand
· Microsoft profits miss Wall Street estimates
· E3: The 'Halo' news that didn't happen?
· Report: Microsoft, Time Warner discuss AOL deal
· Sony confirms shift to single PS3 model
· E3: PlayStation video store will link to PSP
RSS/Web feeds (help)
News and information
· WinInfo
· Microsoft Watch
· Directions on Microsoft
· WinInsider
· ActiveWin
· KOMO News: Microsoft
· NetworkWorld: Microsoft
· Google News: Microsoft
· Yahoo News: Microsoft
· Microsoft Research News
· Microsoft PressPass
· Channel 9
· Anti-Microsoft News
· NewsForge: Linux News
· Linux Today
· Mac News Network
· Mac Daily News
· Washington Post Filter
· G.M. Silicon Valley
· OS News
· Gillmor Gang
Blogs about Microsoft
· Mary Jo Foley: All About Microsoft
· LiveSide.net
· Microsoft Monitor
· Unofficial MSFT Blog
· IW Windows Weblog
· Xbox 2 Blog
· Inside Microsoft
· CNet Microsoft Blog
· Bink.nu
· Long Zheng, istartedsomething.com
· Beyond Binary, Ina Fried of CNet News.com
Computer Security
· Microsoft Security
· Wash. Post Security Fix
· Microsoft Security Response Center Blog
· Be Careful Out There
· Security Awareness Blog
· Bruce Schneier's Blog
· eWeek Security News
· Larry Seltzer
· Symantec Security Resp.
· McAfee Virus Information
· CNet Security Blog
· Security Focus
· Kaspersky Lab Analyst's Weblog
· Michael Howard (MSFT)
· Stephen Toulouse (MSFT)
· Network World Security
· Planet Security
Microsoft employees
· Employee Blog Portal
· MS Watch List
· S. Somasegar
· Raymond Chen
· Dare Obasanjo
· Brad Abrams
· Heather Hamilton
· Korby Parnell
· Matt Goyer
· Don Box
· Chris Anderson
· Joshua Allen
· Chris Sells
· John Porcaro
· John Montgomery
· Kevin Schofield
· Rick Schaut
· Marc Miller
· Sean Alexander
· Larry Hryb
· Jobs Blog
· Greg Roth
· Harry Pierson
· Mini-Microsoft
Search-related sites
· John Battelle
· Greg Linden
· Unofficial Google Blog
· Yahoo! Search Blog
· MSN Sandbox
· MSN Search Weblog
· Google Blog
· Search Engine Lowdown
· Search Engine Watch
· Google Like a Hawk
Browser-related sites
· Internet Explorer team
· mozillaZine
· Surfin' Safari
· Opera news
· Browser News
Technology Weblogs
· Robert Scoble
· Paul McNamara
· Dwight Silverman
· Charlene Li
· Joel Spolsky
· Engadget
· Gizmodo
· Corante Apple Blog
· Amy Wohl
· Dan Gillmor
· Simon Phipps
· Buzz Andersen
· Chris Seper
· Hiawatha Bray
· Paul Andrews
· Doc Searls
· Chris Pirillo
· Campbell & Swigart
· Longhorn Blogs
· PDC Bloggers
Antitrust info
· FindLaw: Microsoft
· DOJ Microsoft site
· Microsoft legal site
· Findings of Fact
· ComputerWorld Report
· Sun legal page
· Dan Kegel's antitrust site
Additional sites
· Google Microsoft Search
· About Microsoft
· Microsoft User Network
· Tablet PC Buzz
· Living Without Microsoft
· Lockergnome
· WSA
· WashTech
· CyberLodge
· Microsoft Permatemps
· Apache Foundation
· Librenex
· Electronic Frontier Foundation
· There's no stairway to heavens? Take the elevator
· Ex-Microsoft boss sentenced
· Microsoft bets more online
· Yahoo blasts Microsoft acquisition effort as 'stupefying'
· Lawmakers look into Yahoo-Google ad partnership
· Netflix to stream live on Xbox 360
· Icahn again takes aim at Yahoo board
· Software Notebook: Microsoft, Sony seek to surpass convention buzz for Nintendo
· Xbox cost dropped to free shelf space
· The Insider: A few bumps on the road to Vista satisfaction
· Tensions escalate as Yahoo rebuffs latest Microsoft proposal
more
· Web networking photos come back to bite defendants
· Web networking photos come back to bite defendants
· Venture capitalists still investing at steady pace
· VC investment hold steady in 2Q at $7.4 billion
· Venture capitalists still investing at steady pace
more
101 Elliott Ave. W.
Seattle, WA 98119
(206) 448-8000
Home Delivery: (206) 464-2121 or (800) 542-0820
seattlepi.com serves about 1.7 million unique visitors
and 30 million page views each month.
Send comments to newmedia@seattlepi.com
Send investigative tips to iteam@seattlepi.com
©1996-2007 Seattle Post-Intelligencer
Terms of Use/Privacy Policy
Posted by unregistered user at 8/14/07 7:59 p.m.
Mac and Linux users can commence with the obligatory comments below.
2nd Bigest batch of bugs in 2007 over a weather bug, ha ha. Windows is not ready for the desktop.