Feeds

back to article Security holes in Word, the Windows kernel and Adobe Flash. Party like it's Patch Tuesday again

Flaws in Microsoft Word and Office Web Apps that allow hackers to execute malicious code on vulnerable systems have been fixed in Redmond's latest monthly batch of security bug fixes. In addition, two bugs at the kernel level of Windows XP and 7, and Server 2003 and 2008 R2, allow logged-in attackers to escalate their privileges …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

What is becoming interesting is, how many of these are exploitable on XP?

For obvious reasons.

2
2
Anonymous Coward

Re: What is becoming interesting is, how many of these are exploitable on XP?

It tells you that if you bother to read the article....

3
1
Anonymous Coward

Re: What is becoming interesting is, how many of these are exploitable on XP?

Including which of the Office vulnerabilities are for Office versions that run under XP? I can't keep on my head which versions of Office runs under which version of Windows.

0
0

Java

Don't forget Java 7 Update 51 which fixes numerous remotely exploitable holes.

1
0
Silver badge
Trollface

I thought it was Java that is a remotely exploitable hole

12
2

This post has been deleted by its author

Bronze badge
Thumb Up

@ Msr. P Monett - That did need saying

0
1
Anonymous Coward

Excellent news

Good to see professional-grade software releasing important updates in a timely and manageable manner. No wonder Windows it the world's favourite operating system.

2
3

Tiny

Smallest patch Tuesday I can remember for ages.

1 patch for XP/2003/7/2008R2

2 patches for 7/2008R2

1 for office 2007

1 for word 2003/2007

Should make for easy testing

0
0

This post has been deleted by its author

This post has been deleted by its author

Anonymous Coward

I'm updating a fairly basic CentOS system at the moment, it's about a month since I last updated and it has 310 packages which need updating and 15 new ones which become dependencies.

Once again, Linux beats Windows.

2
1
Anonymous Coward

Huh?

How does that "beat Windows". Reads to me like the code was of *much* lower quality when it was first released. Still, not bad for an amateur effort I guess and probably OK for trivial uses.

0
4

Re: Huh?

Actually it's most likely because these CentOS updates are not primarily security updates, but an "point" upgrade to a new version. Similar to the Windows 8 to 8.1 "upgrade" only with a much smaller download size and the choice of virtually any UI you like either before or after.

1
0
Bronze badge
Linux

Re: Huh?

Yeah, 310 packages sounds like CentOS 6.4 -> CentOS 6.5 to me. That is a sort of once or perhaps twice a year point update as AJ MacCleod says.

I'd usually expect the odd library and maybe a kernel update, oh, and Firefox if doing updates monthly.

CentOS 6 of course is Gnome 2.28 and will remain so for the rest of its life until around 2017/2020 (updates and then security only updates).

1
0
Anonymous Coward

Re: Huh?

That would have been a joke, I would have thought that was clear.

The problem I seem to run into all the time as someone who is genuinely OS agnostic (I use pretty much all OSes, for whatever they're most appropriate for) if you say one is good at something, it's taken as some sort of slight against the others by their fans. If you make a joke about one OS, it somehow makes you a rabid fanboy for an other.

Sigh.

(That all said, I genuinely was updating a CentOS system that had those package numbers at the time.)

3
0

This post has been deleted by its author

Silver badge
Windows

How is this news still?

>Security holes in Word, the Windows kernel and Adobe Flash.

Hey look a headline from 2005. The more things change ...

2
0
Bronze badge

Re: How is this news still?

... the more they stay in shame.

2
0

Chrome

As long as Google is throwing rocks they might as well pitch a few in their own house.

ISSO alert for Chrome with several vulnerabilities that can allow remote code execution as the logged in user was issued today.

I am giving Google credit for actually having a security team and testing all sorts of different software.

2
0
Anonymous Coward

Firewall log

My firewall log for this afternoon shows a huge no. of udp packets from diverse sources all directed at port 4903. Incredible. Anyone any idea what might be behind this? Unusually, no source seems to be repeated in the list.

0
0
Silver badge

Re: Firewall log

Dynamic IP?

0
0
Anonymous Coward

Re: Firewall log

I do have a dynamic ip. Does this mean that the last occupant of this ip address had a compromised machine?

0
0

This post has been deleted by its author

"if the system has "Routing and Remote Access" switched on."

I always turn these off, always, as soon as the OS is installed. It's like keeping a light on for the burglars. These can be useful, but only for when they are needed, which is rare for me. Actually, I've never used either feature, except at work in an internal network. I feel sorry for those who don't know that they should have them turned off by default, which they aren't.

0
0
Silver badge

elementary

Microsoft default settings are set up with one thing in mind usually, reducing calls to their support line. They have gotten a little better security wise due to enterprise hammering on them but Microsoft's default OS choices have always left a bit to be desired. Here by default have an obscure dll for some long obsolete product included for compatibility reasons that also just happens to have a massive security vulnerability.

0
0
This topic is closed for new posts.