What is becoming interesting is, how many of these are exploitable on XP?
For obvious reasons.
Flaws in Microsoft Word and Office Web Apps that allow hackers to execute malicious code on vulnerable systems have been fixed in Redmond's latest monthly batch of security bug fixes. In addition, two bugs at the kernel level of Windows XP and 7, and Server 2003 and 2008 R2, allow logged-in attackers to escalate their privileges …
It tells you that if you bother to read the article....
Including which of the Office vulnerabilities are for Office versions that run under XP? I can't keep in my head which versions of Office run under which version of Windows.
Don't forget Java 7 Update 51 which fixes numerous remotely exploitable holes.
I thought it was Java that is a remotely exploitable hole.
@ Msr. P Monett - That did need saying
Good to see professional-grade software releasing important updates in a timely and manageable manner. No wonder Windows is the world's favourite operating system.
Smallest patch Tuesday I can remember for ages.
1 patch for XP/2003/7/2008R2
2 patches for 7/2008R2
1 for office 2007
1 for word 2003/2007
Should make for easy testing
I'm updating a fairly basic CentOS system at the moment, it's about a month since I last updated and it has 310 packages which need updating and 15 new ones which become dependencies.
Once again, Linux beats Windows.
How does that "beat Windows". Reads to me like the code was of *much* lower quality when it was first released. Still, not bad for an amateur effort I guess and probably OK for trivial uses.
Actually it's most likely because these CentOS updates are not primarily security updates, but a "point" upgrade to a new version. Similar to the Windows 8 to 8.1 "upgrade" only with a much smaller download size and the choice of virtually any UI you like either before or after.
Yeah, 310 packages sounds like CentOS 6.4 -> CentOS 6.5 to me. That is a sort of once or perhaps twice a year point update as AJ MacCleod says.
I'd usually expect the odd library and maybe a kernel update, oh, and Firefox if doing updates monthly.
CentOS 6 of course is Gnome 2.28 and will remain so for the rest of its life until around 2017/2020 (updates and then security only updates).
That would have been a joke, I would have thought that was clear.
The problem I seem to run into all the time as someone who is genuinely OS agnostic (I use pretty much all OSes, for whatever they're most appropriate for) is that if you say one is good at something, it's taken as some sort of slight against the others by their fans. If you make a joke about one OS, it somehow makes you a rabid fanboy for another.
(That all said, I genuinely was updating a CentOS system that had those package numbers at the time.)
>Security holes in Word, the Windows kernel and Adobe Flash.
Hey look a headline from 2005. The more things change ...
... the more they stay in shame.
As long as Google is throwing rocks they might as well pitch a few in their own house.
ISSO alert for Chrome with several vulnerabilities that can allow remote code execution as the logged in user was issued today.
I am giving Google credit for actually having a security team and testing all sorts of different software.
My firewall log for this afternoon shows a huge no. of UDP packets from diverse sources all directed at port 4903. Incredible. Anyone any idea what might be behind this? Unusually, no source seems to be repeated in the list.
I do have a dynamic IP. Does this mean that the last occupant of this IP address had a compromised machine?
"if the system has "Routing and Remote Access" switched on."
I always turn these off, always, as soon as the OS is installed. It's like keeping a light on for the burglars. These can be useful, but only for when they are needed, which is rare for me. Actually, I've never used either feature, except at work in an internal network. I feel sorry for those who don't know that they should have them turned off by default, which they aren't.
Microsoft default settings are set up with one thing in mind usually, reducing calls to their support line. They have gotten a little better security wise due to enterprise hammering on them but Microsoft's default OS choices have always left a bit to be desired. Here by default have an obscure dll for some long obsolete product included for compatibility reasons that also just happens to have a massive security vulnerability.