Flaws in Microsoft Word and Office Web Apps that allow hackers to execute malicious code on vulnerable systems have been fixed in Redmond's latest monthly batch of security bug fixes. In addition, two bugs at the kernel level of Windows XP and 7, and Server 2003 and 2008 R2, allow logged-in attackers to escalate their …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Wednesday 15th January 2014 08:29 GMT Anonymous Coward

What is becoming interesting is, how many of these are exploitable on XP?

For obvious reasons.

2 2
1. Wednesday 15th January 2014 11:23 GMT Anonymous Coward
  
  Re: What is becoming interesting is, how many of these are exploitable on XP?
  
  It tells you that if you bother to read the article....
  
  3 1
  1. Thursday 16th January 2014 11:12 GMT Anonymous Coward
    
    Re: What is becoming interesting is, how many of these are exploitable on XP?
    
    Including which of the Office vulnerabilities are for Office versions that run under XP? I can't keep on my head which versions of Office runs under which version of Windows.
    
    0 0
Wednesday 15th January 2014 12:27 GMT colin79666

Java

Don't forget Java 7 Update 51 which fixes numerous remotely exploitable holes.

1 0
1. Wednesday 15th January 2014 13:08 GMT Pascal Monett
  
  I thought it was Java that is a remotely exploitable hole
  
  12 2
  1. This post has been deleted by its author
  2. Wednesday 15th January 2014 16:27 GMT Semtex451
    
    @ Msr. P Monett - That did need saying
    
    0 1
Wednesday 15th January 2014 14:26 GMT Anonymous Coward

Excellent news

Good to see professional-grade software releasing important updates in a timely and manageable manner. No wonder Windows it the world's favourite operating system.

2 3
Wednesday 15th January 2014 14:35 GMT Fuzz

Tiny

Smallest patch Tuesday I can remember for ages.

1 patch for XP/2003/7/2008R2

2 patches for 7/2008R2

1 for office 2007

1 for word 2003/2007

Should make for easy testing

0 0
1. This post has been deleted by its author
  1. This post has been deleted by its author
Wednesday 15th January 2014 15:33 GMT Anonymous Coward

I'm updating a fairly basic CentOS system at the moment, it's about a month since I last updated and it has 310 packages which need updating and 15 new ones which become dependencies.

Once again, Linux beats Windows.

2 1
1. Wednesday 15th January 2014 15:47 GMT Anonymous Coward
  
  Huh?
  
  How does that "beat Windows". Reads to me like the code was of *much* lower quality when it was first released. Still, not bad for an amateur effort I guess and probably OK for trivial uses.
  
  0 4
  1. Wednesday 15th January 2014 15:56 GMT AJ MacLeod
    
    Re: Huh?
    
    Actually it's most likely because these CentOS updates are not primarily security updates, but an "point" upgrade to a new version. Similar to the Windows 8 to 8.1 "upgrade" only with a much smaller download size and the choice of virtually any UI you like either before or after.
    
    1 0
    1. Wednesday 15th January 2014 16:12 GMT keithpeter
      
      Re: Huh?
      
      Yeah, 310 packages sounds like CentOS 6.4 -> CentOS 6.5 to me. That is a sort of once or perhaps twice a year point update as AJ MacCleod says.
      
      I'd usually expect the odd library and maybe a kernel update, oh, and Firefox if doing updates monthly.
      
      CentOS 6 of course is Gnome 2.28 and will remain so for the rest of its life until around 2017/2020 (updates and then security only updates).
      
      1 0
  2. Wednesday 15th January 2014 16:23 GMT Anonymous Coward
    
    Re: Huh?
    
    That would have been a joke, I would have thought that was clear.
    
    The problem I seem to run into all the time as someone who is genuinely OS agnostic (I use pretty much all OSes, for whatever they're most appropriate for) if you say one is good at something, it's taken as some sort of slight against the others by their fans. If you make a joke about one OS, it somehow makes you a rabid fanboy for an other.
    
    Sigh.
    
    (That all said, I genuinely was updating a CentOS system that had those package numbers at the time.)
    
    3 0
    1. This post has been deleted by its author
Wednesday 15th January 2014 16:48 GMT asdf

How is this news still?

>Security holes in Word, the Windows kernel and Adobe Flash.

Hey look a headline from 2005. The more things change ...

2 0
1. Wednesday 15th January 2014 23:08 GMT Anonymous Coward
  
  Re: How is this news still?
  
  ... the more they stay in shame.
  
  2 0
Wednesday 15th January 2014 18:44 GMT Nunyabiznes

Chrome

As long as Google is throwing rocks they might as well pitch a few in their own house.

ISSO alert for Chrome with several vulnerabilities that can allow remote code execution as the logged in user was issued today.

I am giving Google credit for actually having a security team and testing all sorts of different software.

2 0
Wednesday 15th January 2014 19:10 GMT Anonymous Coward

Firewall log

My firewall log for this afternoon shows a huge no. of udp packets from diverse sources all directed at port 4903. Incredible. Anyone any idea what might be behind this? Unusually, no source seems to be repeated in the list.

0 0
1. Wednesday 15th January 2014 23:44 GMT Vociferous
  
  Re: Firewall log
  
  Dynamic IP?
  
  0 0
  1. Thursday 16th January 2014 09:37 GMT Anonymous Coward
    
    Re: Firewall log
    
    I do have a dynamic ip. Does this mean that the last occupant of this ip address had a compromised machine?
    
    0 0
    1. This post has been deleted by its author
Thursday 16th January 2014 00:16 GMT loneranger

"if the system has "Routing and Remote Access" switched on."

I always turn these off, always, as soon as the OS is installed. It's like keeping a light on for the burglars. These can be useful, but only for when they are needed, which is rare for me. Actually, I've never used either feature, except at work in an internal network. I feel sorry for those who don't know that they should have them turned off by default, which they aren't.

0 0
1. Thursday 16th January 2014 16:50 GMT asdf
  
  elementary
  
  Microsoft default settings are set up with one thing in mind usually, reducing calls to their support line. They have gotten a little better security wise due to enterprise hammering on them but Microsoft's default OS choices have always left a bit to be desired. Here by default have an obscure dll for some long obsolete product included for compatibility reasons that also just happens to have a massive security vulnerability.
  
  0 0