 |
 |
| ActiveWin | Anonymous | Create a User | Reviews | News | Forums | Advertise | VBA in Excel | Users Online: 0 |
|
|
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
Active Network |
|
ActiveMac |
|
ActiveWin |
|
ActiveXbox |
|
DirectX |
|
Downloads |
|
FAQs |
|
Interviews |
|
MS Games & Hardware |
|
Reviews |
|
Rocky Bytes |
|
Support Center |
|
TopTechTips |
|
Windows 2000 |
|
Windows Me |
|
Windows Server 2003 |
|
Windows Vista |
|
Windows XP |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
Apple/Mac |
|
Xbox/Xbox 360 |
|
News Search |
|
XML/RSS Newsfeeds |
|
Pocket PC Site |
|
|
|
|
|
|
|
FAQ's |
|
Windows Vista |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows Server 2003 |
|
Windows XP |
|
Windows 7 |
|
Windows 8 |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox 360 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
Latest Reviews |
|
Xbox/Games |
|
Fable 2 |
|
|
|
Applications |
|
Windows Server 2008 R2 |
|
Windows 7 |
|
Adobe CS5 Master Collection |
|
|
|
Hardware |
|
Microsoft Express Mouse |
|
|
|
|
|
|
|
Latest Interviews |
|
Mike Swanson |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Advertise |
|
Affiliates |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
 |
Microsoft Warns of HP Patch Problem | |
|
||
| Time: 01:02 EST/06:02 GMT | News Source: *Linked Within Post* | Posted By: Kenneth van Surksum | ||
|
Users of Hewlett-Packard Co. printers, scanners and cameras may be experiencing some problems after installing Microsoft’s latest round of security patches, released late last week. The problems, which concern a Windows operating system patch numbered MS06-015, can cause some applications to crash, Microsoft warned Saturday. |
||
|
Read Only Comments Return to News |
Displaying Comments 1 through 16 of 16 |
This is an archived static copy of ActiveWin.com. |
| #1 By 23603 (204.19.71.2) at Tuesday, April 18, 2006 08:27:45 AM |
| Really intelligent comment RAID0.... |
| #2 By 29664 (38.116.145.116) at Tuesday, April 18, 2006 09:31:45 AM |
| Well I would count this as a serious problem. Sounds like it hits machines with devices directly attached which is minimal at my company but, we'd have a hell of a time knowing the source of the issue unless I saw this article. |
| #3 By 12071 (203.206.253.53) at Tuesday, April 18, 2006 11:22:32 AM |
|
I posted a link to this story in another thread... didn't realise I'd need it again so soon! Good old patch MS06-015!!
http://www.eweek.com/article2/0,1895,1949279,00.asp "Is Microsoft silently fixing security vulnerabilities and deliberately obfuscating details about patches in its monthly security bulletins? Matthew Murphy, a security researcher who has worked closely with the MSRC (Microsoft Security Response Center) in the past, is accusing the software maker of "misleading" customers by not clearly spelling out exactly what is being patched in the MS06-015 bulletin released on April 11." "In an entry posted to the SecuriTeam blog, Murphy noted that the vulnerability that is documented was privately reported, but the "variation" that was also patched has been publicly known for 700+ days." It has been long argued that Microsoft's appalling track record when it comes to releasing patches is due to them having to test so many different variations - but it doesn't seem that their testing is any better or worse than anyone elses. Perhaps, as Mr Murphy pointed out, if Microsoft provided more detailed information in their bulletins customers could have had a better idea of the risks associated with this patch - after all, clicking on File -> Open is a fairly common task! This post was edited by chris_kabuki on Tuesday, April 18, 2006 at 11:23. |
| #4 By 32132 (64.180.219.241) at Tuesday, April 18, 2006 11:32:08 AM |
|
#4 Secretiveness is a great topic Chris. I notice that details of most of the last 21 security holes in Firefox are being deliberately kept secret.
Do you think thats a good idea? http://secunia.com/advisories/19631 For example, this one: http://www.mozilla.org/security/announce/2006/mfsa2006-16.html Exploit code and details embargoed during the active update period. |
| #5 By 3746 (71.19.43.237) at Tuesday, April 18, 2006 11:34:05 AM |
| hey i though firefox was perfect like other open source software and doesn't have any security problems? |
| #6 By 32132 (64.180.219.241) at Tuesday, April 18, 2006 11:34:44 AM |
|
As for 700+ days:
https://bugzilla.mozilla.org/show_bug.cgi?id=265736 October 23, 2004. I thought open source fixed bugs in days ... not 450 days. I would check how old the others are ... but most are embargoed. |
| #7 By 15406 (216.191.227.68) at Tuesday, April 18, 2006 12:34:43 PM |
|
I thought the apologists excuse for MS taking weeks to issue a critical patch was that the patch had to go through a gauntlet of harcore tests to make sure nothing got broken. So the patch comes out and breaks everything under the sun, from Explorer to IE. Now HP devices are screwed too? Awesome work, MS.
|
| #8 By 22962 (12.205.118.31) at Tuesday, April 18, 2006 01:11:51 PM |
|
hey i though firefox was perfect like other open source software and doesn't have any security problems?
None of the softwares are safe nor secure. IE has more holes than Firefox. For more info about Firefox/IE security holes, go to the website at: http://secunia.com |
| #9 By 32132 (64.180.219.241) at Tuesday, April 18, 2006 01:55:51 PM |
|
#10 "IE has more holes than Firefox."
Not over 2005/2006. However, if you use Secunia as a source, you get 1 advisory for the 21 security holes in Firefox last week ... so its not a good place to add them up. #4 In regards to "disclosure" http://blogs.technet.com/msrc/archive/2006/04/15/425311.aspx "Another question I’ve gotten is around the defense in depth change documented in MS06-015. There’s been some confusion around that I think, but as is our normal practice for security bulletins, we document the existence of any additional defense in depth product behavioral changes, as well as the area of functionality where the change occurred so that customers can assess the impact to their environments. However, providing more detail on internal product changes could serve to aid attackers. Suffice to say the change is *not* related to a software vulnerability, merely a product behavior change to make the product more resilient to attack. There’s been some feedback we can make that more clear so we will work to do so in the future. On the whole, customers have been clear that we need to strike a balance between providing information to assess risk, and aiding attackers. But as our constant readers know, the information in our security bulletins has become more and more detailed over time so we certainly will be listening to your feedback about the information we provide to make the bulletins better." |
| #10 By 32132 (64.180.219.241) at Tuesday, April 18, 2006 02:00:45 PM |
|
More info:
http://blogs.technet.com/msrc/default.aspx "Hi everyone, Mike Reavey here again. I wanted to follow up with the results of our investigation into some issues with security update MS06-015. Turns out that under certain circumstances, changes introduced in MS06-015 could cause an application to stop responding during specific interactions with older versions of Hewlett Packard’s “Share-to-web” software utility, or older NVIDIA video card drivers. In the case of the Hewlett Packard software, their new version known as “HP Image Zone Version 5” is not affected. Neither are the most recent NVIDIA graphics card drivers. So customers running these more recent versions are not affected by this issue. The current versions of the Hewlett Packard and NVIDIA software are available from the manufacturer websites. To give you some idea of the scope of the problem, so far out of over 120 million successful installations of the MS06-015 update, the number of calls related to this issue is currently well under a thousand. Of course, even one customer having a problem is too many and that’s why we’ve been working on investigating this and determining solutions. We are also continuing to monitor the situation to measure scope and impact. We’ve updated security bulletin MS06-015 to document this issue. In addition, we published knowledge base article 918165, which details the older software this issue affects. We’ll be updating that soon to provide locations to the updated software that is unaffected by this issue. We’re working directly with the manufactures of the affected software to assist customers. So to be clear, customers who are running the latest NVIDIA drivers, or who are running the current version of the Hewlett Packard Image Zone software are not impacted. Customers who believe they are affected should upgrade to the latest versions of the affected software, or they can contact Microsoft Product Support Services for assistance. Contact Product Support Services in North America for help with security update issues at no charge using the PC Safety line (1-866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/gp/securityhome Meanwhile we're still looking at the best way to assist customers who may have been impacted by this and I encourage everyone to review KB article 918165 or contact us using the number above if they think they are having the problem." |
| #11 By 15406 (216.191.227.68) at Tuesday, April 18, 2006 02:52:04 PM |
|
Wow, Parkkker. I've never seen anyone work so hard at spinning as you. I hope MS is paying you enough to make it all worthwhile.
|
| #12 By 22962 (12.205.118.31) at Tuesday, April 18, 2006 03:24:38 PM |
|
#11, I have not checked with the secunia for awhile. Last time I checked, that IE had more holes than firefox.. that's why I heard that security news. I have been busy with work and not able to have time to check all the websites for most lastest news or updates. Thanks for recent update. This post was edited by budmanjr on Tuesday, April 18, 2006 at 18:06. |
| #13 By 32132 (64.180.219.241) at Tuesday, April 18, 2006 06:02:32 PM |
| #13 Latch, I hope whoever is paying you gets credit for hiring the mentally challenged. |
| #14 By 15406 (216.191.227.68) at Wednesday, April 19, 2006 09:36:07 AM |
| #15: Be nice, Parkkkkker, or I'll have your mommy take away your Bill Gates doll. |
| #15 By 3746 (71.19.43.237) at Wednesday, April 19, 2006 11:54:54 AM |
|
#10
I was being sarcastic. Thanks for the lesson though. |
| #16 By 32132 (142.32.208.232) at Wednesday, April 19, 2006 01:20:45 PM |
| #16 Dolls? I thought playing with dolls was a Linux thing ... isn't that what the Penguin is? |
