How about a fix for Vista's random wireless network disconnects?
I'd be more interested in a fix for Vista's random wireless network disconnects that seemingly can only be cured by a reboot.
A system-crashing bug with potential malware implications has been uncovered in Vista. But a fix for the vulnerability, which revolves around flaws in the operating system's network stack, may have to wait until the next service pack. The TCP/IP stack buffer overflow was discovered by security researchers at Austrian firewall …
FTA: XP is immune.
It's a shame Microsoft is too blind to realize what assets they have, before, ya know, they destroy them.
Let's hope Microsoft gets off it's high horse and supports XP until the users don't want to use it anymore... and not the other way around.
I still can't believe that MS is dictating that I should use an insecure OS... honestly.
"A fix for the flaw from Microsoft is unlikely until the next service pack for Vista, according to Thomas Uterleitner of Phion."
That's a stunning suggestion. The BugTraq post makes it quite clear that the cause is simply trusting a "number of bytes to copy" parameter, rather than validating it. That would be a two-line fix then, with NO change in the intended behaviour, for something that allows privilege escalation. It was reported on 22nd October, so it probably missed the deadline for November's patches (these things have to be regression tested), but I'd expect to see it next month. If you can't regression test a "no-op" in less than a month, there's something wrong with your process.
Here's a flaw that allows injection of hostile code, with no estimate on when it will be patched. Yet we're told that it's not worth defending against. If I were a malware author, I'd love to have a vulnerability that I know won't be fixed for several months. So what if it's a bit tricky – there's plenty of time to work on it.
Interesting to note it doesn't affect XP, which means it's something new they introduced in Vista.
Uh-huh. That would be my #1 fix request.
Followed by the removal of whatever instigates that green address bar thingy in Windows Explorer, and the associated wait that comes with it.
Followed by the reinstatement of the slideshow view of photos in WindowsExplorer.
Followed by the option of an "Up one level" icon.
Other than that, things are decent enough - insofar as I don't actually recall Vista ever crashing on me. Although the same could be said for XP since SP2.
But that's just me.
I am forced to use Vista as all my important applications won't run on XP.
No hang on, I mean I chose to use XP since some things I do are still a bit tricky on Linux and Vista.
Unless Microsoft can break XP then people will still keep using it.
How about they change the look of XP and call it Vista XP. You can re-skin your website using CSS so why not reskin XP?
"Possibly a daft question but does this mean that it hasn't been tested on the other editions or does it mean that the other editions don't have this flaw?"
It's all in the BugTraq posting. They've only tested those two editions. Given the nature of the flaw, they presume that other editions are affected.
Also, note that you have to run the malware as an Administrator or a Network Configuration Operator to be at risk. In the first case, you've already lost, so unless you have some of your users in the second group, it isn't strictly a vulnerability. (That's probably why they haven't bothered to check the more domesticated editions.)
The only people who can exploit the bug are members of the Network Configuration Operators group. (Administrators already have full access to the machine so there's nothing for them to exploit.)
Number of users in that group by default: Zero.
I'm sure there are a few cases where people are using that group, and Microsoft's slow response at issuing what should be a trivial fix -- just bounds-check the input -- for a bug that will be serious to some is a disgrace, but let's keep things in perspective. This won't affect many people and blanket "lol, you shoud go back to XP" statements are ignorant & stupid.
"Administrators already have full access to the machine so there's nothing for them to exploit."
Uh, sorry, but I think that since they are Admins of the machine, any exploit they attempt to use will obviously succeed.
So it's not "there's nothing for them to exploit", but more like "there's nothing to protect them from an exploit".
Biting the hand that feeds IT © 1998–2019