Err, cos it's a complete cum-puddle?
It's 2015 and hackers can hijack your Windows PC if you watch a web video
Microsoft has released the June edition of its Update (neé Patch) Tuesday security update dump. This month's bundle includes eight security bulletins, two rated "critical" and six rated "important." Users and administrators are advised to test (if necessary) and install the updates as soon as possible to prevent attacks. …
COMMENTS
-
This post has been deleted by its author
-
-
-
This post has been deleted by its author
-
Wednesday 10th June 2015 12:37 GMT Anonymous Coward
It is marked "important", not "unimporant". Exactly because it needs a user explicit action to trigger the vulnerability. If you are used to open the "you won one billion at the M$ lottery, please open the attached file", or "cute cats ppt from someone you never head of" well, the critical vulnerability is you.
-
-
Tuesday 9th June 2015 20:35 GMT PushF12
POSReady 2009 got these security updates
Windows XP editions that are still supported got the Internet Explorer, Windows Media, and KMD patches.
This means that Windows XP editions for consumers are now wide open to exploit by script kiddies. If they can connect to an affected computer or phish it in any way, then they can pwn it.
-
Wednesday 10th June 2015 06:59 GMT Anonymous Coward
Re: POSReady 2009 got these security updates
If they can connect to an affected computer or phish it in any way, then they can pwn it.
Yes, time to see if I can stop that VirtualBox partition* from committing changes. I remember doing it in Parallels on a Mac, but I haven't checked if it's possible in VirtualBox.
* No, I don't run Windows native. There are not enough Tuesdays in the month :).
-
-
Tuesday 9th June 2015 21:39 GMT Anonymous Coward
Fitness for purpose
Hmmm.. quite a lot of pretty serious errors there. How long before the lawsuits start to determine "fitness for purpose" of the XP product, or indeed of the highly touted latter variants (7,8,etc). MS had 14 years to fix XP... and still couldn't get it safe... And as for Adobe, words just fail me....
-
Tuesday 9th June 2015 21:54 GMT Howard Hanek
Missing the Most Important
According to US President Obama the most critical problem facing the world is not security but climate change. When will Apple, Microsoft and Adobe issue climate change patches for their products? Or should we just demand that they do......or something......
Even if they just SAY they are that would go a long way to establishing the political correctness credentials they value so highly.
-
Tuesday 9th June 2015 23:18 GMT Nolveys
Active Directory Federation Services Vulnerability
Captain Picard: "Computer, does this vulnerability effect your systems?"
Computer: "Com-meh-meh, does this vul-meh-meh-meh effect your meh-meh-meh? Oh, what? I can't hear you over the sound of the bridge atmosphere being evacuated into space. Nice head, do you know what it reminds me of? Data, execute the 'Larry, Curly and Moe' routine on the captain. All crew, retrieve flippers, diving masks and snorkels from the nearest replicator and report to the cargo bay! Saucer section separate! Ramming speed!"
-
-
Wednesday 10th June 2015 07:06 GMT Anonymous Coward
Re: Linux Calling...
Come on we've got Open Source Swift 2 on Linux, (a real game changer for Linux) isn't about time you jumped ship from the shit that is MS?
Although I prefer OSX, I think it's unwise to herald an entirely new product on a platform it's never been on before as a solution to a problem (not to mention the fact that Swift 2 hasn't even been released yet, let alone brought into Open Source or did you miss that?). If you are seeking to fix an issue, you go for solutions that have already proven their worth in the field. For us this happens to be Linux on the server and OSX on the desktop, but that may not work for everyone.
The worst thing you can do when seeking to solve a crisis is making assumptions that have no basis in fact.
-
-
-
Wednesday 10th June 2015 07:35 GMT Hans 1
Re: I wonder how quickly..
Have you ever worked in development ? Heard of version control software ?
Written any code and merged patches to it into separate branches ... because, well, when you merge patches, you are very often doing the equivalent of a copy & paste.
I luv the irony: "M$ programmers just cut & paste the same code every time"
Cut & Paste ? Surely you mean copy & paste !
<joke>Why does Edge no longer support HSTS ? Because an MS employee cut & paste'd it over to IE 11 in the backport.</joke> (Yes, I know ... you would not commit both changed files, but still ...)
-
-
Wednesday 10th June 2015 10:24 GMT theOtherJT
Time to reboot the terminal services machine again...
I hate patch Tuesday. The "You need to save everything and log off" email went out to the dozen or so people who like to use the terminal services machine and *NEVER LOG OFF* about an hour ago and we're already getting the "You MUST postpone this reboot I have important work to do!" mails back.
No. It's rebooting at 6pm this evening. Live with it. It's patch Tuesday, you all know how this goes by now.
-
Wednesday 10th June 2015 12:28 GMT Anonymous Coward
Re: Time to reboot the terminal services machine again...
A client has just given a formal warning to their IT support manager who (not for the first time) shutdown the terminal services machine without giving any prior warning to the business users and in direct contravention of an email from the business senior management about the criticality of systems being available yesterday to the business users.
As for users never logging off - isn't that one of the reasons for using TS? Users can simply leave their desktop 'as is', go elsewhere (eg. home) and pick up where they left off...
But in your favour, I do note that you are scheduling the reboot outside of normal office hours, rather than at 11am...
-
Wednesday 10th June 2015 12:35 GMT Anonymous Coward
Re: Time to reboot the terminal services machine again...
Sure, it's very clever to leave application open and maybe unsaved docuement on a machine that could need to be shutdown or rebooted for any reason, including power outages, floods, etc. etc.
Then complain it's not your fault if something bad happens, it's someone's else...
-
Wednesday 10th June 2015 16:14 GMT Anonymous Coward
Re: Time to reboot the terminal services machine again... @LDS
Whilst I agree, users are very good at walking away from machines, leaving work in progress unsaved and then get upset (with IT) when for whatever reason their work is lost. As I said, the way TS is generally implemented (and MS TS specifically), does positively encourage this behaviour (as do cloud delivered applications) - hence it is something IT needs to live with and find mitigations, particularly as it is IT who will have imposed the use of TS on users...
From an IT perspective the real irritation is that many user applications don't really have adequate auto save features (remember Trevor Potts El Reg article about MS Office autosave and file corruption...), nor good desktop status preservation features,that would enable the orderly shutdown and restoration of TS desktops/sessions without loss of work in progress...
As for the list of machine shutdown and reboot reasons, well there is no real technical difference between having to perform these actions at 11am or 11pm; although more users will be impacted by an 11am shutdown. Hence your shutdown procedure should seamlessly cater for both scenario's, obviously machine crashes are something different... And finally, if you aren't powering your TS through an appropriately configured UPS then you only have yourself to blame when there is a power outage...
-
-
-