Robert Pogson

One man, closing all the windows.

Yet Another Inherited Vulnerability in That Other OS

  • Aug 07 / 2010

That other OS is like an avalanche. Wishing will not stop it from happening. We have yet another vulnerability affecting XP, 2003, Vista, “7” and 2008. Wasn’t there a re-write in there somewhere? Was not the richest software company in the world able to root out a buffer overflow? Do they not have any computer scientists on staff to tell them not to incorporate GUI-stuff in the kernel???

“The bug resides in the ‘CreateDIBPalette()’ function of a device driver known as ‘Win32k.sys.’ It is exploited by pasting a large number of color values into an improperly allocated buffer, potentially allowing attackers to sneak in malicious payloads, vulnerability tracking service Secunia warned.”

Read all about it here and weep. It is wrong that 90% of the world’s PCs are subject to the same vulnerability, possibly for weeks. How are the IT folks supposed to sleep? 8-((

Everyone makes mistakes and they have to be fixed but M$ goes out of its way to create huge numbers of vulnerabilities and a billion PCs need to be patched to fix the latest bug. You would think they would take more care. Be free of this nonsense. Run Debian GNU/Linux.

5 Comments

  1. Robert Pogson

    That’s actually quite an improvement considering the volume of code has increased since the Lose ’9x days. Then they used to ship 50K bugs and no security at all…

  2. Richard Chapman

    Hey! Did you hear the latest news? Microsoft released 20,000 security holes and there’s an application included.

  3. Andrew

    The issue of ‘calling out windows/microsoft’ is why blogs such as Pogson’s, Goodbye-microsoft. etc. exist. Without citizen journalism we wouldn’t get the other side of the coin.

  4. Richard Chapman

    I have a theory about OS vulnerabilities. The Holy Grail would be very few. You know, like GNU/Linux. If a company, say, Microsoft for instance, is unable or unwilling to achieve that state then a blizzard of vulnerabilities is better than a few every now and then. This havoc Microsoft’s software is retching upon the World week after week… is normal. Or at least it’s accepted as normal. Microsoft goes to great effort to enforce that notion. Most articles and news announcements about vulnerabilities in Microsoft’s software never mention Microsoft or the software. It’s just a “computer” virus. Try that with an outbreak of Salmonella. “There is a new outbreak of Salmonella. Dozens of people have been hospitalized, many in serious condition. Tainted peanut butter is suspected in this second incident this month.” Does Microsoft’s software cause as much damage as Salmonella? No, it causes far more damage. It’s just never tabulated. I would rate Microsoft’s damage to IT at a one Katrina a year.
