Feeds

back to article IE, Windows server bugs likely to be exploited soon

Microsoft has released 13 updates that patch security holes in a wide range of its software offerings, including vulnerabilities rated critical in its Internet Explorer browser and Windows server operating systems. The bugs in IE make it possible for attackers to remotely execute malicious code when an end user does nothing …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Fish. Barrel. GAU-8A

Fish. Barrel. GAU-8A Avenger firing HEDP.

"...Windows Server 2008, including the most recent R2 iteration, which is regarded as one of Microsoft's most secure server operations systems ever. By setting up a malicious DNS server and getting a vulnerable system to query it from inside the victim's network, an attacker can take complete control of the underlying machine."

Too easy. Just too easy. Really, Microsoft, can you make it just a bit harder?

Another

Oh

So

Happy

It's

Tuesday

event.

1
5
Meh

Too easy?

So, you've known about these unpublished weaknesses for ages, and have developed binary exploit code which you've been sharing with your script-kiddy pals? Well done! With such sophisticated programming skills, you'll no doubt land a job soon with Cray computing.

As an aside, I've restarted my Vista-based laptop several times in the last 24 hours (it's now 00.05 Wednesday in Hungary) and I see no available updates from Windows auto-update yet. Maybe that should be "Patch Tuesday-ish"?

But then Windows Vista also prefers to ignore every input-power notification/action setting I can find or think of, and prefers to tell me about the intermittent connection at my laptop's power input by simply dying when it runs out of power. Sometimes I think that MS programmers devote lots of time writing code to work out what the user wants to do, just so that they can frustrate it.

3
0
Anonymous Coward

Well,

"one of Microsoft's most secure server operations systems ever. "

The key word for me in there is "Microsoft's".

2
1
FAIL

That easy?

"DNS server and getting a vulnerable system to query it from inside the victim's network,"

Set up a DNS server, then get the real servers to look up that server for resolution.

Exactly how easy is that? Last I knew most companies didn't use DHCP for servers!

Oh duplicate the IP address of the real server I hear you say.

No problem, kick in the door of the server room, unpatch the live server (ports locked down on switches) then patch in the new one.

Yup that won't be noticed.

0
1
Angel

Bring on your Microsoft battle rams!

I for one, welcome the supreme security of my windows server r2 workstations. Okay, I admit it's kind of unnerving that DNS resolutions could lead to remote code execution. Then again, whenever I write c++ code, it works right about half the time, one more rewrite/review gives you 75%, one more gives you 87.5, and so on. By the time you do 10 rewrites you got it up to 99.9% correct. Which is good enough for most people.

As of late I've been admiring some of Microsofts more successful recent ventures. Granted COM, DOS and most of the windii (plural of windows!) have been a little shaky, but some of the stuff that comes out of their thinktanks is pretty amazing. As a developer, there's no better source of tools and reference material than MSDN, and who-am-i-to-judge-the-cloud, but Azure delivers exactly what I expect of application oriented future.

I guess what i'm saying is that goo' ol' let's bash Microsoft head in, because they force sysadmins to support Office, Windows and Ignorant Users is a bit too simplistic.

3
1
Facepalm

>"windii (plural of windows!)"

Since when was "windows" not already a plural?

Yeah yeah, IHBT and all that, to which I can only respond with the Fry-can't-tell-if-trolling-or-just-really-dumb image macro.

1
0
Meh

"windii (plural of windows!)"

Why not? Let's suppose we're comparing Windows 95, Windows XP, Windows CE, etc. Will you insist that these are "different versions of Windows", and snub anyone who calls them "different Windowses" as I might? You're right that there's no etymological reason for "-ii" to represent such a double plural, but it's not an unreasonable coinage, in my opinion.

I wonder whether people who need to talk about sheep all the time would always refer to a Merino and a Blackface as "different breeds of sheep", or whether they might relax into "different sheeps"?

Answers from people who need to talk about sheep a lot will be appreciated; from those who just want to do so, less so.

0
0

Microsoft PR Blurb

"As of late I've been admiring some of Microsofts more successful recent ventures"

Which ones and successfully how?

"I guess what i'm saying is that goo' ol' let's bash Microsoft head in, because they force sysadmins to support Office, Windows and Ignorant Users is a bit too simplistic"

To what are you referring to here?

1
1
Silver badge

But...

...why are you surfing the net on your server? The only time you should using the internet browser on such a machine is to go directly to a legitimate site to download the relevant patches for your software.

0
0
Bronze badge
FAIL

DNS exploits in 2011?!

"The second critical update covers all versions of Windows Server 2003 and Windows Server 2008, including the most recent R2 iteration, which is regarded as one of Microsoft's most secure server operations systems ever. By setting up a malicious DNS server and getting a vulnerable system to query it from inside the victim's network, an attacker can take complete control of the underlying machine."

Seriously, do we have to proxy and firewall at application level each and every protocol Windows can use to even begin getting secure networks?!

"The vulnerabilities affect all supported versions of the Microsoft browser, including versions 8 and 9, which were rebuilt from scratch"

It looks more and more like it was "rebuild from scratch" the same way Vista and 7 were "rebuild from scratch".

0
0
FAIL

For "rebuild from scratch"

Read " Scratch re-build". And so it goes on........

1
0
Silver badge
Black Helicopters

IntelAIgent Space Ware for Great Intellectual Property Head Games....

...... AI Battles for the Hearts and Minds of Virtual Machines

"As a developer, there's no better source of tools and reference material than MSDN, and who-am-i-to-judge-the-cloud, but Azure delivers exactly what I expect of application oriented future." .... Gleb Posted Wednesday 10th August 2011 00:14 GMT

And that, Gleb, is Microsoft's fundamental problem to solve, and most easily with an immediate hire of new global thinkers who would be also orderly tinkerers ....for Azure should be delivering totally unexpected future oriented applications which all others will be bound to, and be sublimely led to, because of the excellence of their applications programming/bigger picture projects with Cloud Controls and Clouds Hosting Advanced Operating Systems Control, follow and support. And yes, all that it takes for global control of all systems, is one single server streaming smart semantic source supply to simple webs and complex networks, which for virtual master pilots of the Internet, flying sorties with intelligent payloads for delivery into search engines and onto browsers for exploitation of corrupt and perverse weaknesses and systemic vulnerabilities, are one and the same and a completely different novel field in which there is no viable and effective competing destructive opposition.

Such is a part of what NEUKlearer HyperRadioProActive IT is all about. I Kid U Not.

And it is well worth a ponder to have a wonder on what is an undeniable fact and an immaculate truth, that your maintenance of disbelief which would dismiss and/or ignore any or all of the above, both virtually and practically guarantees that it stealthily succeeds beyond its wildest dreams, and most certainly way beyond any of yours.

And for that would we be most grateful. Thank You.

1
0
This topic is closed for new posts.