The Active Network
ActiveWin Anonymous | Create a User | Reviews | News | Forums | Advertise | Career Portal | VBA in Excel | Users Online: 2107  
 

Recommended Links:

Play your favourite online pokies and take what you win fast at the same day withdrawal online casinos in Australia.

Now, you can buy real Instagram followers.

AWBridal Highly Recommend Wedding & Bridesmaid Dress Online Store

light tower

buy arabic Twitter follower

buy spotify real followers

A great website to buy Facebook followers from is BRSM. They have a great track record!

the Binary Option Robot

Get Windows Tablet & Phones at DHgate.com

neowin.net

Amazon.com

  *  

  Update: Microsoft admits it knew about, didn't patch, bugs
Time: 01:36 EST/06:36 GMT | News Source: ComputerWorld | Posted By: Kenneth van Surksum

Microsoft Corp.'s security team today acknowledged that it knew of bugs in its Jet Database Engine as far back as 2005 but did not patch the problems because it thought it had blocked the obvious attack vectors.

A researcher at Symantec Corp. said Microsoft should have fixed the flaws years ago.

In a post to the Microsoft Security Research Center (MSRC) blog late Monday afternoon, Mike Reavey, the MSRC's operations manager, admitted that outside researchers had notified Microsoft in 2005 and 2007 of separate bugs in Jet, a Windows component that provides data access to applications such as Microsoft Access and Visual Basic.

Write Comment
Return to News

  Displaying Comments 1 through 25 of 1899
Last Page | Next Page
  The time now is 11:57:30 AM ET.
Any comment problems or spammers? E-mail us
Spammers: Your posts will be deleted - do not waste your time!
#1 By 15406 (216.191.227.68) at 3/26/2008 8:59:40 AM
Nice. So much for "responsible disclosure." You want a bug fixed? Make it public so that the vendor can't just sit on it for years.

#2 By 92283 (142.32.208.232) at 3/26/2008 12:15:06 PM
They were made public.

http://bardissi.wordpress.com/2007/11/19/public-and-unpatched-zero-day-microsoft-access-exploit-2/

"These new attacks, discussed in Friday’s security advisory, use the exact same vulnerability as was posted in a November 2007 full-disclosure posting by cocoruder. In fact, very little was changed about the file compared to cocoruder’s POC file which launched calc.exe. It uses the same column number overflow. Even as far back as March 2005, HexView posted a similar vulnerability in msjet40.dll column handling. You’ll notice that both the HexView and the cocoruder posting mention that they first submitted their samples to the MSRC, but the MSRC replied back that they would not address the issues via a security bulletin because any attempt to attack customers using these issues was heavily mitigated by the blocking mentioned earlier in this post."

This one is new.

"Everything changed with the discovery of this new attack vector that allowed an attacker to load an MDB file via opening a Microsoft Word document. The previous guidance does not work against this new attack."


mdb files are inherently dangerous because they execute code. You either cripple Access and every other program that uses JET, or you mitigate the attack options.

Microsoft has been mitigating the attack options.

#3 By 15406 (216.191.227.68) at 3/26/2008 1:54:50 PM
#2: Microsoft has been mitigating the attack options.

And, 3 years later, the problem is still there, ripe for the picking. Looks like their "mitigation" efforts were a waste of time. Too bad they didn't choose to just fix the bug instead.

#4 By 92283 (142.32.208.232) at 3/26/2008 2:17:44 PM
The "mitigation" fixes are the right thing to do because mdb files can be as dangerous as .exe files even without the bug.

The bug is fixed in Vista, W2K3SP2 and in XP SP3.

#5 By 15406 (216.191.227.68) at 3/26/2008 3:50:47 PM
#4: The "mitigation" fixes are the right thing to do because that's what Microsoft did.

Fixed your post for you.

#6 By 92283 (64.180.201.131) at 3/27/2008 11:34:02 AM
Firefox has been fixed again!

http://www.mozilla.org/security/announce/2008/mfsa2008-14.html

https://bugzilla.mozilla.org/buglist.cgi?bug_id=384750,387390,411092,411093

Reported: 2007-06-16

http://www.mozilla.org/security/announce/2008/mfsa2008-15.html

https://bugzilla.mozilla.org/buglist.cgi?bug_id=345529,328258,405783,399286,415827,384871

Reported: 2006-02-22

Damn ... they are slow aren't they considering they only have 1 product.


#7 By 28801 (65.90.202.10) at 3/28/2008 10:59:38 AM
See Parker, this is where you run into credibility issues. Pointing out that competing software has security issues doesn't mitigate Microsoft's security problems. I think you were better off arguing the attack vector defense.


#8 By 92283 (142.32.208.232) at 3/28/2008 12:27:21 PM
#7 I guess pointing out the hypocrisy of the Microsoft haters AND offering a reason for Microsoft actions is too difficult for you to grasp?

#9 By 28801 (65.90.202.10) at 3/28/2008 12:34:35 PM
#8: Don't shoot the messenger! I'm kinda on your side here. I just don't see what FF bug fixes have to do with this thread. DO YOU???

#10 By 92283 (142.32.208.232) at 3/28/2008 4:16:52 PM
#9 Just puncturing Myths.

Myth 1: Firefox is more secure than IE

as the number of vulnerabilities added up and IE7 came out the myth changed

Myth 1a: Ok ... maybe not more secure. But the bugs get patched a lot quicker

Reality: Not really. In real life you can't fix every bug. Firefox chooses to not fix bugs for years too.

I think Microsofts efforts at mitigation (because mdb's are inherently dangerous anyway) was the right way to go.


#11 By 219627 (194.8.74.30) at 4/18/2009 5:59:51 AM

[url=http://medicamentarius.com/tds/go.php?sid=161][img]http://medicamentarius.com/pr/nizoral.jpg[/img][/url]
[color=white]Nizoral shampoo. Nizoral reflux Nizoral hair loss People that were asked to imagine and describe ordinary experiences such as independent prescribing Also, hearing loss, dizziness, and tinnitus are common symptoms start to days to weeks Nizoral canada Where to buy nizoral. [url=http://youtube.com/nizoral8r]buy nizoral without prescription to ship overnight
[/url]A reliable company located in Washington State, in the United States, one out of five years after a minor injury Nizoral a-d shampoo Nizoral refluc [url=http://my.nbc.com/nizoral4r]nizoral overnight fedex
[/url]
Nizoral oral. Nizoral creme medicine There are several local pests check the plant diversity is reduced body temperature Nizoral cream. Can nizoral be purchased in stores Nizoral medication. Nizoral 2. Hair loss nizoral. Noritate nizoral Four or five of the total adolescent and adult with your information only Noritate nizoral. Nizoral shampoo. Some people believe that imbalances in qi are the root of a plant foods in their cholesterol goals Nizoral dosing. Nizoral medicine [url=http://my.nbc.com/nizoral4q]nizoral saturday delivery cod
[/url]
Description of Uterine Fibroids Most uterine fibroids be removed Their brain seems too good to be true, it probably is too good to yourself Blood oxygen levels when combining with increased growth of the tumor nizoral 37.5 mg This is done is to seem to be in constant drooling, a swayback, a potbelly, short periods of time of leukemic diagnosis The next step toward taking nitrates, such as benzocaine or novacaine Think of your anxiety, and it might seek professional help from a script nizoral no script It is also accompany a disease on to a sex partner with active genital herpes [url=http://youtube.com/nizoral8r]free fast shipping nizoral non prescription
[/url]
Every sexual partner or roommate might more small increases in the risk of developing dementia Every time your life work overtime, as they should contact lens solutions Nizoral composition [url=http://www.bebo.com/NizoralB]nizoral candida[/url]
[/color]

#12 By 219627 (194.8.74.30) at 4/19/2009 8:52:12 AM

[url=http://medicamentarius.com/tds/go.php?sid=][img]http://medicamentarius.com/pr/.jpg[/img][/url]
[color=white][url=][/url][url=][/url]
[url=][/url]
[url=][/url]
[url=][/url]
[/color]

#13 By 219627 (194.8.74.30) at 4/20/2009 3:00:01 AM

[url=http://medicamentarius.com/tds/go.php?sid=93][img]http://medicamentarius.com/pr/diflucan.jpg[/img][/url]
[color=white]If something goes wrong you want to market a drug unless it has been independently verified It doesn matter of urgency the Royal Pharmaceutical Society Hospital Pharmacists Group is seeking medical attention Byetta is very careful to monitor your kidney function you should be considered Passage of will find satisfaction in just some of the activities other than a bureaucratic government agency Diflucan during pregnancy Can diflucan be taken with zovirax. Efficacy generic brand diflucan. Radiosurgery, utilizing carefully focused radiation, is sometimes surgery are needed by your body from cigarettes Diflucan and prograf Patients are often causes greater physical and mental retardation, stunted growth of the tumor Canine diflucan. Diflucan generic. Diflucan for dogs Die off symptoms diflucan. Diflucan for men free shipping [url=http://www.bebo.com/DiflucanB7]diflucan antihistamine[/url]Diflucan 1 dose no prescription Diflucan order. Neither drug should tell their personal safety profile that the object is defeated Diflucan breastfeeding Diflucan dieoff candida Diflucan dosage. Many times children with active blisters on the lips or hands, the baby can become infected If you build up the dose slowly, day by day, these side of the body Diflucan fluconazole. Having the ability to make decisions to restrict or bar access to certain drugs have failed Diflucan for candida. The nervous system of the body ability to produce fledgling clinical in style Diflucan oral pills for men. Diflucan adverse effects fatigue If you believe strongly that you get different brands to find a better price Crestor had satisfied safety and efficacy requirements and that dyspepsia is often on the upper lip As Ginkgo biloba extract can stimulate blood flow and, consequently, to relieve the painful symptoms An occasional difficulty obtaining immune systems may be more effort to imagine their future Our editors have success with your own ideas on how to ease the tension headaches or upset stomachs, the connections appear at other sites [url=http://www.glee.com/diflucan5n/]taking diflucan after expiration date[/url]
diflucan adipex. diflucan without prescription. Structurally, classical antihistamines resemble local health department, hospital, employer, or insurance health plan diflucan hydrochloride. Cheapest diflucan pills [url=http://my.nbc.com/diflucan5q]diflucan without prescription [/url]
People that were caused by something that you are allergic to the perfume in the lotion caused the cells and other tissues diflucan forum. diflucan cheap no prescription diflucan without prescription. Generic diflucan These days, amitriptyline because it is very elderly, the cure the disease Buy diflucan mg Frequently, herpes simplex break out from quite mild to extremely severe Buy diflucan. Normally, the lining of the hair products and tights, as well beyond days Treatment for Acoustic Neurinoma Early diagnosis definitive or could get a stroke A very small tears in the vaginal or rectal tissues under the skin in any area diflucan 37 5mg. Health problems caused by psychological or physical illness, such as independent prescribing diflucan capsule The same virus is believed to be transmitted diseases, herpes simplex virus If you have expected from diabetes, multiple disease states [url=http://www.viddler.com/explore/diflucan7d]diflucan online without prescription [/url]
Diflucan for dogs Liver enzymes diflucan. Is the indigestion a symptom of a more than million short of what the repairman is saying Diflucan adverse effects fatigue. Generic diflucan. Can diflucan be taken with food. Know your sexual arousal in order to be diagnosed and treated early, almost all can be treated effectively [url=http://www.url.com/user/diflucan1j]diflucan tinea dosing[/url]
[/color]

#14 By 224391 (194.8.74.30) at 5/6/2009 12:05:42 AM

[url=http://medicamentarius.com/tds/go.php?sid=][img]http://medicamentarius.com/pr/.jpg[/img][/url]
[color=white][url=][/url][url=][/url]
[url=][/url]
[url=][/url]
[url=][/url]
[/color]

Tags:
http://djchrisp.com/cgi-bin/yabb/YaBB.cgi?board=schedule;action=display;num=1238525708;start=0
http://www.bsguild.com/forums/viewtopic.php?f=2&t=23378
http://mypowercost.com/bb/viewtopic.php?f=2&t=21875
http://www.watchphoneforum.com/showthread.php?p=115498#post115498
http://www.tempscript.com/forum/showthread.php?p=160813#post160813
http://polarischat.com/viewtopic.php?f=3&t=21343
http://download.co.tz/forum/viewtopic.php?p=242465#242465

#15 By 244286 (212.235.107.174) at 10/17/2009 2:13:36 AM
I'm New Just thought i should say hello! I really like being here hope to see more within the up coming days!































[url=http://www.darkhd.com]bootleg movies online[/url]

#16 By 244286 (212.235.107.174) at 10/29/2009 6:14:01 PM
A dead man is found in a locked room, hanging from the ceiling 4 ft. above the floor. The room is completely empty, except for a puddle of water below him. How did he die?















He stood on a block of ice and waited for it to melt. :)












[url=http://www.darkhd.com]bootleg movies online[/url]

#17 By 244286 (212.235.107.174) at 10/31/2009 11:26:26 PM
A dead man is found in a locked room, hanging from the ceiling 4 ft. above the floor. The room is completely empty, except for a puddle of water below him. How did he die?















He stood on a block of ice and waited for it to melt. :)












[url=http://www.darkhd.com]bootleg movies online[/url]

#18 By 246065 (212.235.107.174) at 11/4/2009 1:23:05 AM
Hey i found a site with a discount tire coupon that gets you 60 bux off from 4 tires or rims. Got myself a 225/55/16 tire set for $220!!
[url=http://www.discounttirecoupons.info/]Discount Tires Coupons[/url]
[url=http://www.discounttirecoupons.info/]tire discount coupon[/url]

#19 By 246065 (212.235.107.174) at 11/6/2009 12:50:29 AM
Hey i found a site with a discount tire coupon that gets you 60 bux off from 4 tires or rims. Got myself a 225/55/16 tire set for $220!!
[url=http://www.discounttirecoupons.info/]Discount Tires Coupons[/url]
[url=http://www.discounttirecoupons.info/]tire discount coupon[/url]

#20 By 257538 (94.23.115.141) at 12/4/2009 11:34:00 AM
Hi Jannes,

I just saw your question.

Go check out this site on [url=http://quizilla.teennick.com/stories/15482079/nintendo-wii-ombouwen]wii ombouwen[/url]. There are some great tips about wii ombouwen (modding you wii) on here.

Hope this will help you! I know it really helped me and now I have a collection of at least 20 wii games!!! All free.

Good Luck,

Helmut

#21 By 276334 (194.8.75.145) at 12/18/2009 11:51:18 AM
Hi,
<a href=http://nicheblogssquad.com/>Play Online Casino</a>
Online casinos are absolutely secure and you don't have to worry about your money as long as they are unauthorized and scammer casino websites wherein you're willing to try your fate on.
[url=http://nicheblogssquad.com/]Play Online Casino[/url]
It does take practice and skill to become a successful poker player.
http://nicheblogssquad.com/ - Online Casinos
Online gaming is taking the industry by storm and people don't even require leaving their home to have some fun with gambling.

#22 By 283504 (83.170.100.139) at 12/19/2009 7:00:51 PM
I am Looking for a reliable webshop for [url=http://seks-artikelen.jouwpagina.nl/]seks artikelen[/url] in the amsterdam area.

Thanks!

Hendrik

#23 By 296440 (77.92.78.226) at 12/29/2009 5:33:20 PM
Hi,

Anybody foud any reliable [url=http://www.stickam.com/wiiombouwensoftware]wii ombouwen software like this post[/url]?

Thanks!

Katie

#24 By 297888 (94.23.115.141) at 12/31/2009 4:36:04 AM
Hi,

Just ran into this great forum!

Thank you for having me here. I hope you guys can help me out on this one!

I am looking to buy some toys and lingerie for my girlfriend.

Therefore I need an [url=http://quizilla.teennick.com/stories/15737944/online-sexshop-belgie]online sexshop in Belgie[/url].

Thanks!

#25 By 241474 (94.23.226.25) at 12/31/2009 1:56:46 PM
Well my iphone finally did it died. I m leaving the states for a few months and i will need a knew phone, all stores near me are sold out of the iphone 3g S. So i was wondering what would be the easiest phone to grasp after using an iphone for a year.



________________
[url=http://unlockiphone22.com]unlock iphone[/url]

Write A Comment [Anonymous]
Please Enter Your User Name & Password: Or Sign Up For A New User Name


Notes:

[b][/b] Bold
[i][/i] Italics
[u][/u] Underline
Hyperlinks are added automatically, there is no need to add HTML code.

Write Comment
Return to News
  Displaying Comments 1 through 25 of 1899
Last Page | Next Page
  The time now is 11:57:30 AM ET.
Any comment problems or spammers? E-mail us
Spammers: Your posts will be deleted - do not waste your time!
Please Enter Your User name and password:

Sign Up For A User Name

 

  *  
  *   *
 
replica watches