Patches Execute Remote Execution Flaws -- Redmondmag.com

Patches Execute Remote Execution Flaws

By Doug Barney
06/11/2007

Tomorrow, Microsoft will release a batch of patches that target remote execution flaws in Visio, Internet Explorer and Office. Is it just me, or do almost all flaws allow a hacker to remotely do something?

In any case, it's good to see Microsoft tackling what could be some very dangerous problems.

Are you happy with Microsoft's patching strategy? Is Microsoft security getting better? Let us know at [email protected]!

Patch Tuesday = Upgrade Tuesday
Also tomorrow, Microsoft will push Windows Server 2003 SP2 through automatic updates. While the upgrade has been available since March, Microsoft is really putting the pressure on IT to make the SP2 move.

You can go out of your way, download a toolkit and block the upgrade -- and SBS customers might want to do so. There are some known connectivity glitches that mostly affect SBS, including problems with Outlook, SecureNet and VPNs.

Despite some problems (this is software, after all) this upgrade seems well worth the disk space. It includes a new rev of the management console and some interesting scaling technology to help handle big processing loads.

Google's Got the Goods on You
Kids demand privacy. If you peek inside their diary, listen in on a phone call or don't knock before opening their door, you'll get a shoulder colder than a frozen beef shank. But these same kids don't seem to mind when Google does the invading.

Privacy International calls Google an "endemic threat to privacy," in part because it hangs on to your search history for years.

Yes, Eric Schmidt knows exactly how many times you searched for Pam Anderson JPEGs.

Dell and Sam
Dell recently switched from its direct-only strategy and will now sell through the channel. And not just any old reseller; Dell will sell through discounters such as Sam's Club and Wal-Mart (have you ever noticed that people always add an "s" to the end of Wal-Mart?).

In keeping with the low-end nature of these stores, Dell will only sell low-end models.

Are You Ready for Vista? Take Two
A tool to test your old PC's ability to run the new Vista OS is now its second release. The new rev is designed to check out as many as 10,000 PCs for Vista readiness, and includes deeper Active Directory hooks.

I still maintain that Vista is best run on new PCs. Tell me where I'm wrong at [email protected].

Mailbag: Low-Cost Laptops, IBM and the SEC, More
In the footsteps of the One Laptop Per Child initiative, Intel and Asustek are teaming up to produce their own line of low-cost laptops for developing countries. Here's what one reader thinks about the project:

I think this is a very good initiative. To make it succesful, though, I think it needs to be embedded/integrated in a broader project/program on a long-lasting basis. The following subjects need to be in this program:

Hardware support (spare parts, help desk)

Power supply availability

Training and education will be necessary (Microsoft OS, OpenOffice, use of Internet/e-mail)

Internet connections will have to be made available and maintained

People will have to feel that this is a project of their own, not something invented "for" them behind a desk in another country. In Tchad, I have seen a good-will project, supported with tons of money form the world bank, stranded because the project didn't "match" with their way of life

Young people must be tought how they can make a bussiness with Internet applications (e.g., e-shop for local products)

If not, there is a risk that thousands of laptops will be used only as a nice toy by children.
-Oskar

Last week, IBM settled with the SEC on its stock option probe: IBM promised not to do it again and, in exchange, the SEC didn't issue any fines. Bob isn't impressed:

I just love it when all the big boys play nice and stick to everyone else. From one side, there's 'I won't fine you this time,' and from the other side, "We won't do this anymore."

My kids would love that kind of settlement for a premeditated, well-thought-out, intentional screw-up. Next time you feel froggy, try that one on for size and see what it gets you. Be sure to let me know what day or days are open for vistors (and between what hours). Do I hear slammer in your future?
-Bob

After the announcement last week of a Google-Salesforce.com partnership, Lafe asked readers what they think of the spread of online ads:

Don't like it one bit. The more ads, the greater the security risk.
-Karen

Got something to add? Leave a comment below or send an e-mail to [email protected].

About the Author

Doug Barney is editor in chief of Redmond magazine and the VP, editorial director of Redmond Media Group.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.