SoylentNews is people
SoylentNews
El Reg reports
Microsoft has patched 25 software vulnerabilities--including bugs that allow hackers to hijack PCs via Internet Explorer, Word and Excel files, and Visual Basic scripts.
Microsoft said its December's edition of Patch Tuesday includes critical fixes for Windows, Office and Internet Explorer as well as a patch for Exchange.
MS14-80: Addresses 14 security flaws in Internet Explorer, including various remote-code execution vulnerabilities and an ASLR bypass. The patch is considered a low risk for Windows Server systems, but critical for desktops, laptops and tablets. All the flaws were privately reported, and credit was given to various independent researchers as well as the HP Zero Day Initiative, Qihoo 360 and VeriSign iDefense Labs.
MS14-81: Two vulnerabilities in Word and Office Web Apps that allow an attacker to remotely execute code on targeted systems if the victims open booby-trapped documents. This update also applies to users running Office for Mac. Credit was given to Google Project Zero researcher Ben Hawkes, who privately reported the flaws to Microsoft. Rated as Critical.
MS14-84: A remote-code execution vulnerability (CVE-2014-6363) in the Windows VBScript engine can be exploited via a specially crafted webpage. Credit for discovery was given to SkyLined and VeriSign iDefense Labs. Rated as Critical.
The article also mentions Adobe software and Linux. Are any Soylentils running that combination?
(Score: 3, Funny) by Anonymous Coward on Thursday December 11 2014, @11:08PM
It's nearly 2015 and your Linux boxen were able to be pwned by Bash scripts exploting 25 year old bugs [wikipedia.org] and 23 year old [x.org] and27 year old [theregister.co.uk] X11 vulnerabilities.
Secure your own shit before throwing stones.
(Score: 0) by Anonymous Coward on Thursday December 11 2014, @11:49PM
It's nearly 2015 and I have still received spoofed e-mails with someone spoofing my own e-mail (Gmail) address.
(Score: 0, Troll) by Anonymous Coward on Friday December 12 2014, @12:06AM
Wow, Microsoft's rapid response team still gets first post privileges.
Simple answer: In Linux, these vulns are rare, and cause for intense discussion and activity to work out what went wrong and how to prevent similar failures. With Windows, it's grounds for a sigh, and a business as usual attitude.
(Score: 1, Insightful) by Anonymous Coward on Friday December 12 2014, @02:28AM
I too hate $hills who point out inconvenient facts I try to pretend don't exist.
(Score: 0) by Anonymous Coward on Saturday December 13 2014, @01:17AM
How about ones that point out the MS has just had to fix 25 vulnerabilities in ONE patch. Shillboy is trying to conflate that with two Linux vulns identified in the past three months.
(Score: 2) by mcgrew on Friday December 12 2014, @02:50PM
Wow, Microsoft's rapid response team still gets first post privileges.
Simple answer: In Linux, these vulns are rare, and cause for intense discussion and activity to work out what went wrong and how to prevent similar failures. With Windows, it's grounds for a sigh, and a business as usual attitude.
That comment was in no way a troll. WTF, Soylent? Obviously, MS shills have mod points today. That comment was 100% true and in no way inflammatory.
I use both Windows and Linux; I have a W7 notebook, an XP tower and a kubuntu tower. I dread patch Tuesday when my notebook is unusable for half an hour; Linux has no such thing. When there's a bug fix, a message flashes, you click once and keep on working. The few times the kernel needs patching, rather than MS's nagging, it asks if you want to wait, reboot later, or not be reminded again.
If I wanted to be nagged I'd have stayed married.
I don't patch the XP box, I just keep it off of the network.
I've been on Linux ten years and never had a single security problem. Meanwhile, back in the W98 days I was hacked twice and rooted by Sony's XCP malware. Fool me once...
Carbon, The only element in the known universe to ever gain sentience
(Score: 0) by Anonymous Coward on Friday December 12 2014, @03:17AM
Don't worry. All these old bugs will be replaced by the more recent bugs in systemd-shell, and systemd-x that will replace these legacy systems you mentioned.
Aside: no, I'm not the usual systemd troll around here, but couldn't resist in this case.