As the holiday season rises to a fever pitch, you may be thinking
about buying someone – or buying for yourself – some cool new digital media
geegaw. If so, you need to know about Bruce Kratofil’s BugBlog and its December
LAS VEGAS – PC Magazine announced here on Monday evening the latest
winners of its annual Technical Excellence Awards, as it has done
in a hotel auditorium at the Comdex computer show for many years. Comdex
this time around was almost the smallest show ever – with the
management actually charging $50 to $100 for some exhibit-only tickets,
the registered crowd amounted to only about 50,000. That’s down from more
than a quarter of a million before the dot-com bubble burst (although it
seemed to me back then that the entire population of California had
somehow been jammed into the exhibit halls and taxis).
I’ve just returned from the Professional Developers Conference in
Los Angeles, where Microsoft announced that there’s a great version
of Windows coming if you can just wait a few years.
After a frustrating six weeks of complaints from Windows users,
Microsoft has released a fix for its patch known as security bulletin
(Knowledge Base article
which was released in August. The patch was supposed to correct
serious flaws in Internet Explorer 5.01, 5, and 6 but in fact left some
problems wide open.
I wrote in the Sept. 18 issue
of Brian’s Buzz on Windows that a critical Microsoft security patch does
not actually close the hole it was intended to correct. Now virus attacks
that take advantage of this flaw have appeared “in the wild,” on Web pages
that infect Windows PCs without warning.
Son of a patch, it happened again.
I reported in the Sept. 4 issue
of Brian’s Buzz that a patch for Internet Explorer 5 and 6 that was rated
“critical” by Microsoft should be installed immediately: bulletin
and Knowledge Base article
This isn’t the first time that a Microsoft patch has needed a patch.
And it won’t be the last time, either. Fortunately, it’s not the most
horrible or widespread “son-of-a-patch” I’ve ever seen. But it affects
enough people that you may want to listen up.
The serious security hole in Windows that I warned you about in the
July 24 and
issues of Brian’s Buzz exploded onto the front pages of newspapers around
the world on August 13. Hundreds of thousands of PCs – afflicted with a
vulnerability in the Remote Procedure Call (RPC) of
Windows – were infected by a worm that’s been called Blaster, MSBlast,
and Lovsan. Variants of that worm have been spreading since then, and
the problem won’t totally go away any time soon.
I reported in the last issue
of Brian’s Buzz on the “port 135” security hole that Microsoft recently
described as critical. This flaw affects not only Windows XP, 2000, and NT 4.0,
but also the much-hyped new Windows Server 2003. Microsoft has released a
patch, but most people haven’t installed it yet. Well, time’s running out –
worms that exploit the flaw started making attempts to hit every PC on the
Internet just a couple of weeks after the vulnerability became publicly known.
Every time Microsoft releases “the most secure operating system ever,”
the security flaws just keep on coming. Last week, Microsoft
notified users that a hole rated “critical” (the most severe rating)
affects not only Windows XP, 2000, and NT 4.0, but also its new, much-vaunted
Windows Server 2003 product. Microsoft says Windows Me is not
vulnerable, but it didn’t test Windows 9x, which the company no longer