It's 2015 and hackers can hijack your Windows PC if you watch a web video

Microsoft has released the June edition of its Update (née Patch) Tuesday security update dump. This month's bundle includes eight security bulletins, two rated "critical" and six rated "important." Users and administrators are advised to test (if necessary) and install the updates as soon as possible to prevent attacks. …

  1. This post has been deleted by its author

    1. Phil Kingston

      Err, cos it's a complete cum-puddle?

      1. Measurer

        Up vote for use of the term 'cum-puddle'!

  2. BristolBachelor Gold badge
    WTF?

    " the bulletin is only rated "important" as the user would need to manually open a maliciously crafted Office file"

    Do what? So Office 2010 is safe as long as you never use it to open files?

    Can't they just list all vulnerabilities as unimportant because if you don't switch the PC on....

    1. This post has been deleted by its author

    2. Mephistro
      Pint

      (@ BristolBachelor)

      Came here with that same quote in my clipboard, and to write almost exactly the same words. TY for saving me the effort! :-)

    3. Anonymous Coward

      It is marked "important", not "unimportant". Exactly because it needs an explicit user action to trigger the vulnerability. If you are used to opening the "you won one billion at the M$ lottery, please open the attached file", or "cute cats ppt from someone you never heard of", well, the critical vulnerability is you.

  3. elDog

    Or if you open the link to this El Reg article

    How long before someone burrows under the firewall and sticks a nice Comment URL to another of the throbbing LOHAN links. The link that proceeds to proper pwnership of perusers' PC and other privates.

    Click here: http://buttly.no/2314notelreg

  4. Solmyr ibn Wali Barad
    Coat

    Wot, no video?

    Lists are boooring. In 2015, it is customary to have a videotalk about such matters. Definitely with a nasal voice. Video should be embedded in the article, set to autorun.

    1. Anonymous Custard

      Re: Wot, no video?

      And crafted specially along the lines of MS15-057?

  5. PushF12
    Alert

    POSReady 2009 got these security updates

    Windows XP editions that are still supported got the Internet Explorer, Windows Media, and KMD patches.

    This means that Windows XP editions for consumers are now wide open to exploit by script kiddies. If they can connect to an affected computer or phish it in any way, then they can pwn it.

    1. Anonymous Coward

      Re: POSReady 2009 got these security updates

      "If they can connect to an affected computer or phish it in any way, then they can pwn it."

      Yes, time to see if I can stop that VirtualBox partition* from committing changes. I remember doing it in Parallels on a Mac, but I haven't checked if it's possible in VirtualBox.

      * No, I don't run Windows native. There are not enough Tuesdays in the month :).

  6. Anonymous Coward

    Fitness for purpose

    Hmmm.. quite a lot of pretty serious errors there. How long before the lawsuits start to determine "fitness for purpose" of the XP product, or indeed of the highly touted latter variants (7,8,etc). MS had 14 years to fix XP... and still couldn't get it safe... And as for Adobe, words just fail me....

  7. Grade%
    Pint

    Holy [mmph] storm, Batman!

    Thanks, El Reg. I count on your monthly tales of horror to alert me. Keep up the good work!

    'Ave one on me!

  8. Howard Hanek
    Go

    Missing the Most Important

    According to US President Obama the most critical problem facing the world is not security but climate change. When will Apple, Microsoft and Adobe issue climate change patches for their products? Or should we just demand that they do......or something......

    Even if they just SAY they are that would go a long way to establishing the political correctness credentials they value so highly.

    1. Geoffrey W

      Re: Missing the Most Important

      You need to lift that bonnet once in a while, and let that bee out

    2. Destroy All Monsters Silver badge

      Re: Missing the Most Important

      The most critical problem facing the world is frankly 100% inbred politicians like Obama.

      1. frank ly

        Re: Missing the Most Important

        I resemble that remark.

  9. Destroy All Monsters Silver badge
    Facepalm

    What's lint?

    Can anybody please, please, please SHOOT THESE PEOPLE?

    They can then get a tombstone of indestructible Poly(methyl methacrylate) with the inscription "here lies gonzo programmer; he insisted on using C-style languages without a safety net"

  10. Nolveys
    Terminator

    Active Directory Federation Services Vulnerability

    Captain Picard: "Computer, does this vulnerability affect your systems?"

    Computer: "Com-meh-meh, does this vul-meh-meh-meh affect your meh-meh-meh? Oh, what? I can't hear you over the sound of the bridge atmosphere being evacuated into space. Nice head, do you know what it reminds me of? Data, execute the 'Larry, Curly and Moe' routine on the captain. All crew, retrieve flippers, diving masks and snorkels from the nearest replicator and report to the cargo bay! Saucer section separate! Ramming speed!"

  11. Mikel

    It might be 2015

    But it's still Windows, IE and Office. Some things never change.

  12. Anonymous Coward

    Linux Calling...

    Come on we've got Open Source Swift 2 on Linux, (a real game changer for Linux) isn't it about time you jumped ship from the shit that is MS?

    Windows 10 going forward, just looks like more frequent updates, more often to help Microsoft, not its customers.

    1. Anonymous Coward

      Re: Linux Calling...

      "Come on we've got Open Source Swift 2 on Linux, (a real game changer for Linux) isn't it about time you jumped ship from the shit that is MS?"

      Although I prefer OSX, I think it's unwise to herald an entirely new product on a platform it's never been on before as a solution to a problem (not to mention the fact that Swift 2 hasn't even been released yet, let alone brought into Open Source or did you miss that?). If you are seeking to fix an issue, you go for solutions that have already proven their worth in the field. For us this happens to be Linux on the server and OSX on the desktop, but that may not work for everyone.

      The worst thing you can do when seeking to solve a crisis is making assumptions that have no basis in fact.

    2. Anonymous Coward
      Mushroom

      Re: Linux Calling...

      So your Linux box has never had any updates?

      If not, please unplug from the Internet now.

      Or are you one of these asshats that think <insert OS> can do everything better than every other OS.

  13. Medixstiff

    I wonder how quickly..

    Before they find the first zero days that have been affecting all current OSes also affect Win10 because M$ programmers just cut & paste the same code every time?

    1. Hans 1

      Re: I wonder how quickly..

      Have you ever worked in development ? Heard of version control software ?

      Written any code and merged patches to it into separate branches ... because, well, when you merge patches, you are very often doing the equivalent of a copy & paste.

      I luv the irony: "M$ programmers just cut & paste the same code every time"

      Cut & Paste ? Surely you mean copy & paste !

      <joke>Why does Edge no longer support HSTS ? Because an MS employee cut & paste'd it over to IE 11 in the backport.</joke> (Yes, I know ... you would not commit both changed files, but still ...)

    2. Sandtitz Silver badge
      Facepalm

      Re: I wonder how quickly..

      "M$"? That's so 90s. Grow up.

      Do you honestly believe that all other OSes and other software are written from scratch each time?

      1. Anonymous Coward
        FAIL

        Re: I wonder how quickly..

        Yes, yes he does.

  14. theOtherJT Silver badge

    Time to reboot the terminal services machine again...

    I hate patch Tuesday. The "You need to save everything and log off" email went out to the dozen or so people who like to use the terminal services machine and *NEVER LOG OFF* about an hour ago and we're already getting the "You MUST postpone this reboot I have important work to do!" mails back.

    No. It's rebooting at 6pm this evening. Live with it. It's patch Tuesday, you all know how this goes by now.

    1. Anonymous Coward

      Re: Time to reboot the terminal services machine again...

      A client has just given a formal warning to their IT support manager who (not for the first time) shut down the terminal services machine without giving any prior warning to the business users and in direct contravention of an email from the business senior management about the criticality of systems being available yesterday to the business users.

      As for users never logging off - isn't that one of the reasons for using TS? Users can simply leave their desktop 'as is', go elsewhere (eg. home) and pick up where they left off...

      But in your favour, I do note that you are scheduling the reboot outside of normal office hours, rather than at 11am...

      1. Anonymous Coward

        Re: Time to reboot the terminal services machine again...

        Sure, it's very clever to leave applications open and maybe unsaved documents on a machine that could need to be shut down or rebooted for any reason, including power outages, floods, etc. etc.

        Then complain it's not your fault if something bad happens, it's someone else's...

        1. Anonymous Coward

          Re: Time to reboot the terminal services machine again... @LDS

          Whilst I agree, users are very good at walking away from machines, leaving work in progress unsaved and then get upset (with IT) when for whatever reason their work is lost. As I said, the way TS is generally implemented (and MS TS specifically), does positively encourage this behaviour (as do cloud delivered applications) - hence it is something IT needs to live with and find mitigations, particularly as it is IT who will have imposed the use of TS on users...

          From an IT perspective the real irritation is that many user applications don't really have adequate auto save features (remember Trevor Potts El Reg article about MS Office autosave and file corruption...), nor good desktop status preservation features, that would enable the orderly shutdown and restoration of TS desktops/sessions without loss of work in progress...

          As for the list of machine shutdown and reboot reasons, well there is no real technical difference between having to perform these actions at 11am or 11pm; although more users will be impacted by an 11am shutdown. Hence your shutdown procedure should seamlessly cater for both scenarios, obviously machine crashes are something different... And finally, if you aren't powering your TS through an appropriately configured UPS then you only have yourself to blame when there is a power outage...
