Another in the never-ending series of security patches: Microsoft Fixes Critical Windows Vulnerabilities in Patch Tuesday Updates. Make sure you are set to receive automated updates if you use the Windows operating system. This week's patch Tuesday was a big one.
But that's not all. These patches do not address another critical bug found in Vista, Windows Server 2008 and Windows 7. This remotely exploitable vulnerability could result in a blue screen of death. Here is Microsoft's comment on the bug.
There is also an exploit in the wild for an un-patched vulnerability in Microsoft IIS, their web server.
But before jumping all over Microsoft for insecure code, consider Appleās Snow Leopard Is Less Secure Than Windows. It's just that Microsoft is in more hackers' sights.
Microsoft has the unenviable task of being like the walls enclosing a medieval town (your PC). They offer some protection but the real problem is that the entire world outside the wall (the Internet) has limited security and no authentication. The ongoing adoption of DNSSEC will enable these "walls" to be a lot more effective by authenticating web sites and enabling email authentication. It will make SSL and VPN tunneling truly trustworthy.
It puzzles me why Microsoft is essentially a non-factor in the DNSSEC community considering what a positive impact adoption will have on their bottom line.
Comments