ie8 fix
madison

Hardware 2.0

Adrian Kingsley-Hughes
Home / News & Blogs / Hardware 2.0

Kernel vulnerabilities discovered in Ubuntu

By | March 18, 2010, 7:41am PDT

Summary: Kernel vulnerabilities have been uncovered across a range of Ubuntu releases, covering 6.06 LTS to 9.10, also including Kubuntu, Edubuntu, and Xubuntu distros.

I just know other outlets will eventually pick up on this and add nonsense and subtract the facts at their own leisure, so I thought it worthwhile to get in early.

A kernel vulnerabilities have been uncovered across a range of Ubuntu releases, covering 6.06 LTS to 9.10, also including Kubuntu, Edubuntu, and Xubuntu distros.

Here’s the key facts, with a key phrase highlighted:

Mathias Krause discovered that the Linux kernel did not correctly handle missing ELF interpreters. A local attacker could exploit this to cause the system to crash, leading to a denial of service. (CVE-2010-0307)

Marcelo Tosatti discovered that the Linux kernel’s hardware virtualization did not correctly handle reading the /dev/port special device. A local attacker in a guest operating system could issue a specific read that would cause the host system to crash, leading to a denial of service. (CVE-2010-0309)

Sebastian Krahmer discovered that the Linux kernel did not correctly handle netlink connector messages. A local attacker could exploit this to consume kernel memory, leading to a denial of service. (CVE-2010-0410)

Ramon de Carvalho Valle discovered that the Linux kernel did not correctly validate certain memory migration calls. A local attacker could exploit this to read arbitrary kernel memory or cause a system crash, leading to a denial of service. (CVE-2010-0415)

Jermome Marchand and Mikael Pettersson discovered that the Linux kernel did not correctly handle certain futex operations. A local attacker could exploit this to cause a system crash, leading to a denial of service. (CVE-2010-0622, CVE-2010-0623)

Key phrase: “a local attacker” … these exploits cannot be leveraged remotely, meaning the sky isn’t falling it on Linux users.

Updates are available for affected distros.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Hardware 2.0”

Topics

Denial Of Service, Ubuntu, Attacker, Linux Kernel, Vulnerability, Updates, Linux, Open Source, Security, Operating Systems, Software, Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology.

Disclosure

Adrian Kingsley-Hughes

All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog.

Biography

Adrian Kingsley-Hughes

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.

Adrian has authored/co-authored technical books on a variety of topics, ranging from programming to building and maintaining PCs. His most recent books include "Build the Ultimate Custom PC", "Beginning Programming" and "The PC Doctor's Fix It Yourself Guide". He has also written training manuals that have been used by a number of Fortune 500 companies.

Adrian also runs a popular blog under the name The PC Doctor, where he covers a range of computer-related topics -- from security to repairing and upgrading.

196
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Kernel vulnerabilities discovered in Ubuntu
jorge.cordero@... 15th Jul 2010
Every system has flaws.
But, the important thing, is the impact on your business that these flaws have.
Every month I receive a "Microsoft Security Bulletin" that is a horror story about every MS server could be compromised no matter how often you update it.
And you paid $$$$ for it...
It's like to receive a letter from your car manufacturer every month telling that they discover that you can kill yourself driving because an X component has a design defect.
View in thread
0 Votes
+ -
Good Job Adrian!
Great Kahuna Updated - 18th Mar 2010
Glad to see you prove your worth as a tech blogger.
0 Votes
+ -
Yes I was curious what those updates were all about the other day...
~doolittle~ 18th Mar 2010
it's been near two months since I rebooted so it's never a bad thing.

In other news, windows users getting malware infections from zip files in facebook password-changing email requests.

http://www.reuters.com/article/idUSTRE62G5A420100318

When will they learn... you don't have to launch an attachment to change a password. What is the world coming to...
0 Votes
+ -
And in other news...
gigabot71 19th Mar 2010
If the Facebook password reset attack had targeted Linux users and
they were foolish enough to open the attachment, guess what "local
only" kernel vulnerability they could exploit? Derision points both
ways. And I'm NOT a Windows fanboy (it's not even my primary OS) -
I just get sick of Linux fanboys being smug when it comes to security
just because their platform of loverence hasn't been targeted due to its
underwhelming desktop market share.

Here's a hint to you guys before you go off bandying about the Locals
Only flag and make yourselves look foolish: almost all modern
vulnerabilities are "local only." The number of remote vulnerabilities in
modern operating systems is close to nil and when one is found it's
almost always in 3rd party software, not the OS itself. That's why we
repeatedly see social engineering attacks (like the Facebook password
reset one referenced above) used to introduce malware to a system.
It's the path of least resistance. The modern user is the security weak
point and no amount of "don't run as root", UAC, "Enter your admin
password to install" nonsense is going to change that.
0 Votes
+ -
Assumptions
trigggl 19th Mar 2010
That's assuming the user is using Ubuntu. It's also assuming they turned off the auto-updating that comes with newer versions. Then, the user of Ubuntu that turned off the auto-updating believed that Facebook would send them a Linux app.

It could happen.
0 Votes
+ -
These aren't elevation exploits.
AzuMao 19th Mar 2010
The worst they can do is lag the system or make it crash.

It is far easier to do this by spawning >5 1080p YouTube videos rendered with Adobe Flash. Adobe refuse to provide GPU acceleration in the Linux version despite standard APIs supporting this for years, so it will grind your computer to a halt, without any exploit necessary. Which would be the only way to do it, since these vulnerabilities no longer exist. That's the thing with Linux, it doesn't usually take ages to get fixed like Windows.
e.g. Chances are that by the time you hear of something nasty, it's already gone.
0 Votes
+ -
What does Linux and Obama have in common?
LBiege 18th Mar 2010
Yeah you guessed it, broken promises one after another.

This round it's the fabled "Many (*cough cough" BLIND) Eyes" approach, again. This is what, 1000th time the supposedly open, more robust than proprietary, FOSS flagship product pulled a joker? It reminds me the SEC debacle where they promised to monitor all the activities to prevent fraud and then let Madoff debacle blow up in front of their face. Let's face it, the "Many Eyes" promise is a lie along lots of other lip sticks they throw around this FOSS thing.
0 Votes
+ -
you're doing it wrong
~doolittle~ Updated - 18th Mar 2010
I was thinking MS is more in common with Obama since they failed 100% with WinFS - but we may have different needs that we think are important.

If you feel a security vulnerability = fail, then pretty much all software is fail. Unless you are a hypocrite happy Personally I feel 9 times out of 10 the user = fail for lack of common sense.

In the case of on-topic article, these are local only exploits so they would first have to gain access to your system to be exploitable. I wish them luck, since I am not the type of person who will launch an email attachment to change my facebook password, just because I got an email from an alleged facebook admin.
  • Flagged
0 Votes
+ -
It's not a security vulnerability.
AzuMao 19th Mar 2010
It doesn't give you any additional access/privileges. It's just a (complicated) way for someone using the computer to make it lag or crash. An easier way is to open a bunch of HD videos in Flash (since Adobe has refused to offer GPU acceleration for it under Linux due to deals with MS).
0 Votes
+ -
What does Linux and Obama have in common?
enawn 18th Mar 2010
I guess? If you got a bad install of Linux on your machine. Because mine has delivered like Reagen and Bush Jr. Right on the money, most of the time. I am just hoping it doesn't finish like Bush Jr. which still wouldn't be as bad Obama. I haven't had any problems with my workstation or laptop since I installed Linux. It runs faster, and actually runs cooler than it did when it was running windhos!!! Also, for customers that I have installed Linux for, I see less maintenance time for them than I do for my microhos customers.
But to be truthful they both have their purposes. You need an O.S. for mouse pushers, and then you need real O.S. for people who more interested in having a machine that is going to work for them day in and day out without a problem. :o)
  • Flagged
0 Votes
+ -
You have got to be kidding about Bush Jr.
Cayble 19th Mar 2010
How someone could put any faith into the laughing stock of the world I really don't know. How could someone, anyone not be ashamed that they ever chose such a...well lets just say chose this individual as their leader not once but twice:

"I promise you I will listen to what has been said here, even though I wasn't here." --at the President's Economic Forum in Waco, Texas, Aug. 13, 2002

"You teach a child to read, and he or her will be able to pass a literacy test." -Townsend, Tenn., Feb. 21, 2001

"My answer is bring them on." --on Iraqi insurgents attacking U.S. forces, Washington, D.C., July 3, 2003

"You work three jobs? ... Uniquely American, isn't it? I mean, that is fantastic that you're doing that." --to a divorced mother of three, Omaha, Nebraska, Feb. 4, 2005

"Too many good docs are getting out of the business. Too many OB-GYNs aren't able to practice their love with women all across this country." --Poplar Bluff, Mo., Sept. 6, 2004

"There's an old saying in Tennessee -- I know it's in Texas, probably in Tennessee -- that says, fool me once, shame on --shame on you. Fool me -- you can't get fooled again." --Nashville, Tenn., Sept. 17, 2002

"If this were a dictatorship, it'd be a heck of a lot easier, just so long as I'm the dictator." --Washington, D.C., Dec. 19, 2000

"Rarely is the questioned asked: Is our children learning?" --Florence, South Carolina, Jan. 11, 2000

"I'll be long gone before some smart person ever figures out what happened inside this Oval Office." --Washington, D.C., May 12, 2008

"Major combat operations in Iraq have ended. In the battle of Iraq, the United States and our allies have prevailed." --speaking underneath a "Mission Accomplished" banner aboard the USS Abraham Lincoln, May 1, 2003

"So what?" ?President Bush, responding to a an ABC News correspondent who pointed out that Al Qaeda wasn't a threat in Iraq until after the U.S. invaded, Dec. 14, 2008

"The British government has learned that Saddam Hussein recently sought significant quantities of uranium from Africa." --State of the Union Address, Jan. 28, 2003, making a claim that administration officials knew at the time to be false

"This is an impressive crowd -- the haves and the have mores. Some people call you the elite -- I call you my base." --at the 2000 Al Smith dinner

"I would say the best moment of all was when I caught a 7.5 pound largemouth bass in my lake." --on his best moment in office, interview with the German newspaper Bild am Sonntag, May 7, 2006

"This foreign policy stuff is a little frustrating." --as quoted by the New York Daily News, April 23, 2002

"Do you have blacks, too?" --to Brazilian President Fernando Cardoso, Washington, D.C., Nov. 8, 2001

"I think I was unprepared for war." ?on the biggest regret of his presidency, ABC News interview, Dec. 1, 2008

"You know, one of the hardest parts of my job is to connect Iraq to the war on terror." --interview with CBS News' Katie Couric, Sept. 6, 2006

"They misunderestimated me." --Bentonville, Ark., Nov. 6, 2000

And there are oh so many more as you know. GO ahead, align yourself with that mighty brain power and stalwart leadership. The ability to do that with a straight face speaks legions about an individual. And not a bit of it good.
  • Flagged
0 Votes
+ -
Wait.. what?
AzuMao 19th Mar 2010
How many illegal wars did Obama start on false premises? 2 or more? No? So how is he worse?
0 Votes
+ -
Can you say "Troll," boys and girls?
FrankleeMiDeer 22nd Mar 2010
I knew you could!
0 Votes
+ -
When did Linux promise that local users could never lag it/turn it off?
AzuMao Updated - 19th Mar 2010
At least it doesn't let strangers remotely take control of it without your permission, like paid (commercial) products such as Windows routinely do.

And did you really expect Obama to fix 8 years worth of damage, in 2 years?
0 Votes
+ -
Yeah, excellent reporting.
Jeremy-UK 18th Mar 2010
Stick to the facts, state them clearly, highlight the important parts. This
is useful (I'll go update the Ubuntu systems here). Can we have more like
this from ZDNet?

Thanks Adrian.
0 Votes
+ -
lol...Hilarious! Adrian a Tech blogger? mwaha ha
i2fun@... 18th Mar 2010
ooooohhh... so Linux is vulnerable to LOCAL DOS
ATTACKS! ....excuse me while I recover from this
news.

ahmmm.... If you're either stupid enough to run an
attack on OS in the same as the machine to merely
get it to reboot. I've got one for you to believe!

I can look at Windows OS computers and cause them
to reboot, but if I really wanted to attack a
computer, I'd be better off with a hammer. Because
neither Microsoft or Linux could withstand that
kind of a local attack!

BTW... Adrian? Quite pretending you know anything
about technology and especially anything having to
do with Linux. You Fool! wink
0 Votes
+ -
Let me know when it hits the Wilds! haha
i2fun@... 18th Mar 2010
Linux still has not been legitimately attacked
in the Wilds. These are lab conditions that are
so far away from reality that if you attempted
to duplicate them on a random machine of a
different distro, you'll get skunked. There are
some 500+ distros around the world and they are
all different. To get a simple DOS attack isn't
jack shizt on any other OS. So they got em on
Linux in a lab under certain conditions, with
time being one on of them.

If I'm a local attacker and I want to shut the
system down, isn't pushing the power button a
lot easier? grin
0 Votes
+ -
Correction - these were kernel vulnerabilities
daboochmeister 19th Mar 2010
Minor point, but your reference to "500+ distros" is irrelevant, except for the small handful that make fundamental kernel changes (and probably even those wouldn't have changed code in the areas involved).

Those 500+ distros all use the Linux kernel.
0 Votes
+ -
Local not LOCAL
rjacksix Updated - 19th Mar 2010
Local means someone logged into the computer. In real, production environments, we have hundreds of users logged in locally, but they may be across campus or the world. Very FEW people have access to the power button, promise!
0 Votes
+ -
Hey look, a magical exploit of awesomeness; :(){ :|:& };:
AzuMao 19th Mar 2010
Windows version; %0|%0



OMG I HACKED EVERYTHING!!1111
0 Votes
+ -
@i2fun - My previous defense of your right to be obnoxious...
Isocrates 7th Apr 2010
did not include remote or local personal attacks.
0 Votes
+ -
Except
rjacksix 19th Mar 2010
As many have APTLY pointed out...this isn't a Ubuntu issue, it is a Linux Kernel thing!

Little bit of yellow journalism in the title if you ask me (draw in the Ubuntu fan boys ehhh>)
0 Votes
+ -
Correction; was, not is.
AzuMao 19th Mar 2010
And hardly an issue, when there are easier ways to lag or crash a system you have access to.
0 Votes
+ -
So...?
Cylon Centurion 18th Mar 2010
Are they really vulnerabilities then? If only local....?
0 Votes
+ -
Yes. [NT]
JT82 18th Mar 2010
NT
0 Votes
+ -
RTFA, the "vulnerability" is already fixed.
AzuMao 19th Mar 2010
Of course, a good old fork bomb will still do the trick, regardless of OS.
0 Votes
+ -
They can be, at least for someone willing to commit suicide they are
Great Kahuna 18th Mar 2010
But if you really want to, you have better ways to render your own machine inoperable for a while like disconnecting it from power.
0 Votes
+ -
That's what I thought
Cylon Centurion 18th Mar 2010
Local vulnerabilities can't be too serious.
0 Votes
+ -
Local vulnerabilities can't be too serious.
Cyrorm 18th Mar 2010
They can be in the cooperate world, assuming a business has something of value running on a Ubuntu system, anyone in the building who has access to that system, say a disgruntle employee, could crash the the system causing untold loss of productivity (untold cause I don't know what would be running on Ubuntu of major financial importance).
0 Votes
+ -
A disgruntled user with local access and close to no
rikasa Updated - 18th Mar 2010
expertise could quite easily delete all local and networked files on a share that per chance had not yet been backed up, secretly sneak the computer home and burn it, stab it from all angles with a letter opener in an uncontrollable frenzy, spill coffee all over the keyboard 'accidentally on purpose'... who needs all that kernel know-how when you're disgruntled AND have local access happy
0 Votes
+ -
Vulns cause 'Denial of service' only.
Dietrich T. Schmitz GNU/Linux Advocate Updated - 18th Mar 2010
http://www.ubuntu.com/usn/USN-914-1
0 Votes
+ -
Not correct
honeymonster 18th Mar 2010
At least one of them may allow a user to disclose
sensitive information (kernel memory) or even
escalate privileges.
  • Flagged
0 Votes
+ -
There is no PoC for any privilege escalation.
Dietrich T. Schmitz GNU/Linux Advocate 18th Mar 2010
nt
  • Flagged
0 Votes
+ -
So you distrust the advisory?
honeymonster 18th Mar 2010
Refusing to acknowledge what is clearly stated?

You need actual proof of concept before accepting
that a vulnerability exists?

Cue the double standard. Have you ever demanded
PoCs before accepting that a Windows vuln exist?
  • Flagged
0 Votes
+ -
Only DoS has been demonstrated.
Dietrich T. Schmitz GNU/Linux Advocate 18th Mar 2010
That's all it is, or was, b/c it has been patched, a 'laboratory' simulation for a user who first must be successfully logged into to userland.

On Ubuntu with AppArmor, there is no possibility of priviledge escalation and 0wnage.

You'd have to take explicit steps to manually download from outside of the GPG keyring repository system a 'rogue' application that triggers a payload rootkit install.

Realistically for the user who stays in Ubuntu's 'ring of safety' repository system, that will never happen.

Ubuntu Linux: Life is good.
  • Flagged
0 Votes
+ -
Keep sipping that kool-aid
honeymonster Updated - 18th Mar 2010
Privilege escalation and access to kernel
memory renders Apparmor useless because
the very component (kernel) you trust to call
out to the LSM is compromised.

There are other ways to get malicious software
on your box than downloading from a repository.
A malicious script exploiting one of the many
(many!) Firefox vulnerabilities. Firefox was
*the* most buggy application of 2009!

Why is your standard that an working exploit
must be "demonstrated"? Do you demand the same
level of proof for Windows vulnerabilities?

Mozilla, Microsoft etc. all treat memory
corruption bugs as vulnerabilities which -
bar proof to the opposite - must be assumed to
be exploitable to run code.

Microsoft does not even consider the (many)
defenses built into Windows. Even if protected
mode completely contains a vulnerability, they
will still report it as important or even
critical.
  • Flagged
0 Votes
+ -
@honey: Funny how you grasp at straws
Great Kahuna 18th Mar 2010
Why is that? Is it because you have no other options left?
0 Votes
+ -
Redmond FUD damage control,of course...
still not nice 19th Mar 2010
This article says basically nothing beyond the theoreticals that honeymonster wants to cling to.

Remember, a Micro$oft shill's job is to spread Fear, Uncertainty and Doubt towards competiting Operating Systems.

Even if they only have "1%" marketshare, they are the biggest threat imaginable and they stand in the way of total Redmond world domination.
0 Votes
+ -
Of course DTS is denying it....
Pete "athynz" Athens 18th Mar 2010
it is a slur against his all mighty and ultra secure Linux you know... despite any sort of proof to the contrary he'll defend tooth and nail that Linux is invulnerable and that Windows has more holes than swiss cheese... Personally I'm just going to shake my head in pity because yet again he's killed any sort of credibility he's had...
  • Flagged
0 Votes
+ -
It's your beloved W7 that is contracting the BSoD/rootkit, not Linux.
Dietrich T. Schmitz GNU/Linux Advocate 18th Mar 2010
This story is about a 'vuln' which is causing a DoS only.

There is no PoC for privilege escalation.
And the user must 'first' be logged onto the local machine to run the exploit in userland.

It's a 'laboratory' vuln, patched, and 'non-event'.
  • Flagged
0 Votes
+ -
What proof?
still not nice 19th Mar 2010
There's no proof in this article. Did you bother to read the last sentence?

Key phrase: ?a local attacker? ? these exploits cannot be leveraged remotely, meaning the sky isn?t falling it on Linux users."

I suppose you could get the local or domain admin drunk and get him to reveal his password. Is that what you did?

lol... grin
0 Votes
+ -
Yes they are
Loverock Davidson 18th Mar 2010
Its a vulnerability any way you look at it. Just shows you how insecure linux is and how delusional linux user are about their OS.
0 Votes
+ -
Vuln Yes. Exploit No. Pwnage No. DoS Yes. DayQuil Too Much
Dietrich T. Schmitz GNU/Linux Advocate 18th Mar 2010
nt
  • Flagged
0 Votes
+ -
CVE-2010-0307: sensitive info disclosure, gain escalated privileges
honeymonster Updated - 18th Mar 2010
That qualifies as a pwnage vulnerability.

Denial-of-service vulns are still vulns. They
may not be used to pwn a machine, but they can
cause major service interruption.

These bugs are not just Ubuntu bugs, these are
Linux kernel bugs. Shared hosts can be
taken down by a single rogue (or compromised)
site.

And these bugs have been sitting in there since
2006!
  • Flagged
0 Votes
+ -
Horrors: So a user would have to be logged in to perpetrate a DoS
Dietrich T. Schmitz GNU/Linux Advocate Updated - 18th Mar 2010
OMG. Everybody. Quick. Run for cover.

This is a 'laboratory' proof of a situation which will never happen.

Regardless, those kernels have since been patched.

Life is good.
0 Votes
+ -
Yes, just like the SMB2 vulnerabilities
honeymonster 18th Mar 2010
which were discussed here like the sky was
falling.

And more "users" than you care to admit are
running at your box.

You are running, and any vuln in software you
are using will allow an attacker to run at your
box.

Linux is used extensively for shared hosting.
Have you any idea what "privilege escalation"
may lead to at those boxes?

Hint: all sites compromised, serving malicious
ads and redirecting users to malicious sites.
Like so many compromised Linux and Unix
machines are already doing...
  • Flagged
0 Votes
+ -
How the hell can you compare remote code execution to local DoS?
AzuMao 19th Mar 2010
  • Flagged
0 Votes
+ -
Are? Don't you mean "were"? They're already gone.
AzuMao 19th Mar 2010
  • Flagged
0 Votes
+ -
Vuln no. RTFA. It was fixed before he even posted it.
AzuMao 19th Mar 2010
0 Votes
+ -
@Dietrich - Why do you respond to trolls? [nt]
Isocrates 7th Apr 2010
nt
0 Votes
+ -
LD, leave it alone already
Filker0_z 18th Mar 2010
I do not think that LD is an idiot; he's got a cause and he seems willing to bend the truth to convince those without enough background of the correctness of his position. He also appears to have more time than someone with a professional career ought to have to scan through the ZDNet blogs and spread misinformation and half-truths.

I don't know much about LD or what his background is. I do know what my background is and what I know about security and software engineering. I know that I have been involved on and off with Internet and OS security since the mid-1990s. I know that I have been involved in security audits of OS code. I know the difference between security and safety. I know the meaning of, and difference between, authentication, trust, and confidence. A vulnerability that only permits a DoS attack, on its own, is a robustness problem, not a data security issue. The conditions created by a DoS attack can be exploited to create much greater damage, but that's true of all systems, not just Linux (or Windows) -- If you can stop a system from responding, you can steal that systems identity on the network and use that position to steal information directed at the disabled system. (A good network team can prevent this, but I've seen it done more than once.)

I have looked at the advisories attached to this issue; no arbitrary code execution, just invalid data access leading to at worse exposure of some (not all) kernel memory for read access (not write). Using the information you find there might lead to being able to gain root privs, but only by compromising the root password. That sort of thing does not lend itself to fully automated attack. I've seen much more serious vulnerabilities (mostly after they were fixed) in Linux over the years.

Meanwhile, my employer has excluded several types of attachments on e-mail from outside the corporate firewall because of the vulnerability of so many Windows machines to recent zero-day threats the Solaris and Linux systems on the network are not vulnerable.

Yes. As a non-privileged user, I can bring a Linux box down without much effort. It takes far less effort for me to hang a Windows box, though, especially one that depends on network mounts for the enterprise apps. Windows still has one of the least robust IP stack implementations I have to use on a regular basis.

Disclosure: I run Windows at home. I also run MacOS-X, Linux, Solaris, HP/UX, and occasionally some other less well known OSs. I used to be a professional Windows programmer.
0 Votes
+ -
RE: Kernel vulnerabilities discovered in Ubuntu
jorge.cordero@... 15th Jul 2010
Every system has flaws.
But, the important thing, is the impact on your business that these flaws have.
Every month I receive a "Microsoft Security Bulletin" that is a horror story about every MS server could be compromised no matter how often you update it.
And you paid $$$$ for it...
It's like to receive a letter from your car manufacturer every month telling that they discover that you can kill yourself driving because an X component has a design defect.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix