Connect with us:

  • Welcome to AlpineZone, the largest online community of skiers and snowboarders in the Northeast!

    You may have to REGISTER before you can post. Registering is FREE, gets rid of the majority of advertisements, and lets you participate in giveaways and other AlpineZone events!

Dangers Microsoft OS Vulnerability

RossiSkier

RossiSkier

New member
Joined
Dec 30, 2004
Messages
599
Points
0
Location
N. Troy, NY
A new MS vulnerability has been discovered in regards to the Windows Meta File (WMF). The graphics rendering engine will allow remote code execution. What this means is that opening a picture, either on a webpage or in an email can run a program at another web address and install anything it wants onto your computer. Unto itself, it is not a virus, but allows hackers an open door to install one. Hackers have posted the source code for the vulnerability on the Internet for all hackers to exploit. MS has no patch for it at this time, but there are workarounds and one Russian programmer has made an ad hoc patch.

http://news.ft.com/cms/s/0d644d5e-7bb3-11da-ab8e-0000779e2340.html

http://www.microsoft.com/technet/security/advisory/912840.mspx

http://isc.sans.org/diary.php?rss&storyid=996
 
Paul

Paul

New member
Joined
Mar 2, 2005
Messages
3,900
Points
0
Location
East Hampton, CT
bill%20y%20pantallazo.jpg


"640kb ought to be enough for anybody."
 
RossiSkier

RossiSkier

New member
Joined
Dec 30, 2004
Messages
599
Points
0
Location
N. Troy, NY
Waiting for the bomb to drop here. When the RPC vulnerability came out, we weren't on high alert and the MS Blaster came out. It SLAMMED us and we had to fix thousands of computers for weeks straight. Cost the company millions.

Now comes the picture vulnerability. Oh my goodness, the havoc this could cause is unimaginable.
 
smitty77

smitty77

New member
Joined
Aug 8, 2003
Messages
654
Points
0
Location
Athol, MA
Website
hotmix77.tripod.com
Yet another reason for me to get that Mac Mini I've been coveting.

Methinks I'm done with MS Windows for a while, at least for my own personal machine.

You are right RossiSkier, the implications for this are HUGE!
 
G

GadgetRick

New member
Joined
Mar 1, 2004
Messages
201
Points
0
Location
Near NYC
Website
www.rickandedith.com
Well, I'm a Mac-lover/Windoze-hater but these problems come from two things:

1. The popularity of Windoze. Doesn't make much sense to go after the smaller fish when you can get a much bigger bang with the biggest fish.
2. MS has always been lax with their security in their OSes. Still can't fathom why they need to have code which allows me to send you an email with an attachment, have you open that attachment to be able to send emails or other things. Still can't understand the usefulness of such a thing. Same thing with this vulnerability. Why is there code which allows such a thing?

I'm no programmer but it comes to common sense. At least make it harder for the jerks to be able to do damage to your computer...
 
bvibert

bvibert

Moderator
Staff member
Moderator
Joined
Aug 30, 2004
Messages
30,394
Points
38
Location
Torrington, CT
Windows Update just installed an update on my computers that seems to address this issue.
 
hammer

hammer

Active member
Joined
Apr 28, 2004
Messages
5,493
Points
38
Location
flatlands of Mass.
riverc0il said:
btw, isn't microsoft a pain in the butt? they make you use IE to download the patch from their site. jerks!
Click to expand...
This is one of the reasons I use the IE View extension in Firefox...as much as I prefer Firefox over IE, there are a handful of sites that only run properly with IE. :-?
 
dmc

dmc

New member
Joined
Oct 28, 2004
Messages
14,275
Points
0
The patch got installed on all the machines at work..

This whole thing is a moot point for me.. The software I work on is windows based..

Although we are using LINUX to do mainframe simulation on a couple of machines...
 
You must log in or register to reply here.
Top