Another way of looking at the title
Call me cynical, but is it just coincidence the title could be interpreted as the flaws *being* Windows and Internet Exploder?
Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks. The software maker on Thursday said January's Patch Tuesday will include a …
Only a numpty would allow SMB/CIFS to internet, but most numpties allow it for their entire LAN.... Which means just one laptop has to come in from a numpty's home LAN, and the entire business LAN is screwed....
I learned that lesson last year when our LAN at work got hit by Conficker - and no, it wasn't a laptop that caused it but a government department supplied computer that got infected by the government WAN where they had their standard firewall config allowing ALL computers to access SMB/CIFS. I was not amused!
Within about 10 minutes of finding that problem, I switched all our computers to only allow access to SMB from our local servers (which aren't Windows boxes).
Way to go to promote your new products, Microsoft. Leave Win7 customers in preference to Win2000 which is, what, older than XP?!?
"incoming packets that are smaller or larger than they actually are."
Microsoft! What, is your code now being written by entry-level CS students, I meant WTF?
"Microsoft's Jerry Bryant said the company is still working on a fix for the SMB flaw and is not aware of any in-the-wild attacks that target the weakness."
Tick tock tick tock...
Again, I'm kind of upset that the finger of blame always gets pointed at IE for being the bad boy, you have no mention of Firefox being at all responsible for anything to do with xss attacks, and don't share any knowledge of it when you get it. So for the benefit of others,
http://labs.securitycompass.com/index.php/exploit-me/xss-me/xss-me-faq/
Now this is offered up as a security testing option, however it needs only a complete numpty to not see other potential options with, especially given the name. And for all of those who think the problem resides entirely with IE, can now add Firefox to your exemption lists, I'm sure with a bit of help/research from your friend Google, you could find any security testing integration tool for any browser of choice, or perhaps Google will offer up a tailor made exploit for your site, if you're just using templates on your site, in which case don't worry about xss, that'll be the least of your problems.
It allows you to continue your crusade. I am at least pleased that the real issue actually did get a one line by word at the bottom of your article, although by implication, I have absolutely no idea how an Adobe update can be attached to the real issue of the Microsoft flaws not being fixed, perhaps Microsoft should try even harder to fix everyone else's problems.
I also note that Microsoft have not fixed the Symantec bug yet either. Why is this company Microsoft allowed to exist, such incompetence is beyond belief.
The coding errors will be in W7 etc too if they use SMB. The work by the SAMBA group to get Linux sharing with Wx seemed to me to reveal one thing: MS don't have a clue how their OS is put together any more - you can bet any W7 or higher code is more or less ripped straight from older versions and will reveal the same flaws - and some new ones too!
BR excuses won't do: The wrong type of website.....
I can't believe it. Since its inception this protocol has been the worst protocol to work with, the least reliable, and MS's will to impose it is dumbfounding. On 10baseT ethernet, there was a (very) small advantage to run smb instead of TCP/IP, but since, it should have been put out of its misery long ago.