MS to offer 'out of schedule' patches

[Rik]

El Reg reports that;

Microsoft plans to issue two emergency patches next week that fix vulnerabilities in the Internet Explorer browser and Visual Studio developer suite that allow attackers to remotely execute malware.

The patches, which will be delivered on Tuesday, will be only the third time Microsoft has issued an out-of-band security patch in the past 25 months. That suggests the updates are serious enough to warrant the extra fuss. Typically, the company issues patches on the second Tuesday of each month to allow administrators time to plan for and test the updates.

In an advanced notice published late Friday, the company gave few details about the vulnerability. The patch for IE is rated "critical," the highest severity designation on Microsoft's four-notch scale. The update for Visual Studio is rated one notch lower, at "important." Both fixes will require machines to be rebooted.

"While this release is to address a single, overall issue, in order to provide the broadest protections possible to customers, we'll be releasing two separate security bulletins," a Microsoft spokesman said in a statement.

[Simon]

[Sebby]

They must be pretty serious security issues for Microsoft to do something out of the ordinary!

[sobranie]

Quote from El reg .....

The underlying bug was discovered by researchers Ryan Smith and Alex Wheeler and reported to Microsoft in April or May of 2008. ......

Yep, I can see why this rates as a critical fix of the highest order etc etc etc.
Why am I 'not bovvered' I ask myself?   

[D-Dan]

And this affects Ubuntu - How?

Steve

[Rik]

Give me a moment, Steve, I'll think of something. 

[somanyholes]

http://www.microsoft.com/technet/security/bulletin/ms09-jul-ans.mspx 10:00 AM Pacific Time next Tuesday, July 28, 2009.  looks like reboot required.

Next ones for steve..

if using dhclient (dhcp) looks like its got hacked read more here. http://vrt-sourcefire.blogspot.com/2009/07/dont-read-this-post.html So it looks like your beloved ubuntu isn't quite as secure  So hotels/wireless hotspots etc might not be as nice.

Also in the news 3g UMTS has been hacked (man in the middle). It looks like the uptake of this is catching up with GSM. So it looks like the days of presuming 3g broadband as being a secure alternative to 802.11 x are disappearing.

Just thought i'd spread the love for the non microsoft users! 

[Rik]

Gee ta, So. 

[somanyholes]

and just to make sure I haven't missed anyone else out. I.e. Sebby here's an all rounder including. Mac's 

http://prosecure.netgear.com/community/security-blog/2009/07/new-adobe-flash-player-vulnerability.php

[Rik]

 

Adobe should stick to Photoshop.

[somanyholes]

They should make it what it was meant to be. A lightweight universal reader with few bells and whistles. The fun never stops does it

[Rik]

Bloatware, the curse of the industry.

[Gary]

Bloatware, the curse of the industry.

and my trousers

[Rik]

It affects kilts too, Gary.

[Noreen]

I've just installed the IE7 patch. It still wants me to update to IE8 but I don't want to at the moment.

[Rik]

Me neither, I think it's given up nagging me on that. I also got the C++ patch.

[Noreen]

I'm sure that I've "hidden" the IE8 updates at least twice.

[Rik]

It thinks you need enlightenment, obviously.

[Sebby]

I'd go for IE8. It is an improvement over IE7, even though that's not saying much.

[Rik]

 

Bring back Netscape I say. 

[Sebby]

That was a cool browser.

[Rik]

It was, and I was sad to see it go, Seb.

[Gary]

I got another patch today for C++ 2008 redistributable KB973924 that makes three now

[Rik]

Maybe they think you deserve them, Gary.

[Gary]

Maybe they think you deserve them, Gary.

Maybe they forgot it