More cracks in Windows

By Derek Sooman on January 11, 2006, 12:52 PM
Microsoft released two more critical patches yesterday. These fix a flaw in the way Microsoft Windows processes embedded web fonts (MS06-002) and a Microsoft Outlook and Microsoft Exchange Transport Neutral Encapsulation Format (TNEF) decoding vulnerability. If properly exploited, these flaws can allow a hacker to execute arbitrary code or cause a denial of service on an unpatched system.

Alan Bentley, UK managing director at security tools firm PatchLink, commented: "It has clearly been a bad year for downloadable file formats in the Windows world and it is only 10 days into the New Year. The new patches show some critical issues in Microsoft WMF, MS-TNEF and Web Font download file formats that can all allow remote code execution.




User Comments: 11

Got something to say? Post a comment
PUTALE said:
more patches, I guess we should applaud MS for working so hard:).
asphix said:
If new vulnerabilities continue to be exposed I cant expect it to provide a desireable PR buildup to the release of Vista later this year.
exscind said:
I still have doubts Windows Vista will unveil this year, but I digress. While it is still bad, for lack of a better word, at least Microsoft is continuing to patch up the problems. But we haven't even gotten past January and all these problems are surfacing up already. On a lighter note, maybe Microsoft purposely waited to patch up all the cracks in January so statistically it can gloat that it has less vulnerabilities than Linux/Unix in the year 2005 (yes, that was a joke).
Eleventeen said:
Seems like this stuff is happening every day now. I wonder how severe exploits will be in Vista though, cause I'm almost sure there will be alot of them. Then Microsoft will release more Service Packs for that OS too. Oh well, better safe than sorry I guess.
Cartz said:
Heheh, sometimes I wonder if the guys in MS's dev's team could write a 'Hello World' program without exposing some sort of buffer overflow vulnerability.In all seriousness, these people are working on one of the most complicated and definately one of the most used pieces of software in the world. I'm a firm believer that the only reason so many security holes have been found in Windows XP is due to the size of their user base, and the desires of some of these users to poke holes in the system for sport.I would wager (only a small amount though) that if there were as many freelance techies dedicated to finding and exploiting holes in Linux as there are for Windows, that as many and if not more holes would be found in the Linux system. Writing an operating system is the modern equivilant of constructing Stonehenge or the Pyramids, it's a monumental task that can't be expected to be done perfectly the first time.So, what I'm saying is basically, I can't fault MS for releasing a product with security holes. But I can, and will, fault them for the poor processes they have in place to deal with these holes when they're discovered. Worms like Sasser, which exploited a bug in LSAS that was discovered a full 90+ days prior to its release, should never, ever have spread.
DragonMaster said:
Why are there a lot of security problems? Simple : It's cheaper to discover them with millions of user them that test it for free than with beta testers.
yoyomama said:
[b]Originally posted by Cartz:[/b][quote]Heheh, sometimes I wonder if the guys in MS's dev's team could write a 'Hello World' [/quote]Umm... I doubt MS could even write a "Hello World" program.root users galore + ActiveX = stupidroot users galore + ActiveX + incompetence = MS
MonkeyMan said:
Well, I hope that Windows Vista, doesn't need as many patches, like XP continuously does. All of these viruses, and PC threats, are making me evermore uneasy using XP. I believe I will be the first consumer to buy Vista, when it is released, later this year.
zachig said:
Too many patches lately. Anyway, at least Microsoft is fast in releasing them.
nathanskywalker said:
yesh...figured these patches meant something...
mentaljedi said:
does anyone have a pc that will be able to handle vista? I know mine can't. But thats besides the point. I'm just laughing at how many patches are being released. At least they're doin osmething i guess...
Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.