• Welcome to AlpineZone, the largest online community of skiers and snowboarders in the Northeast!

    You may have to REGISTER before you can post. Registering is FREE and lets you participate in giveaways and other AlpineZone events!

Dangers Microsoft OS Vulnerability

UnlistMe
Inventry
RossiSkier

RossiSkier

Well-known member
Joined
Dec 30, 2004
Messages
599
Reaction score
0
Location
N. Troy, NY
A new MS vulnerability has been discovered in regards to the Windows Meta File (WMF). The graphics rendering engine will allow remote code execution. What this means is that opening a picture, either on a webpage or in an email can run a program at another web address and install anything it wants onto your computer. Unto itself, it is not a virus, but allows hackers an open door to install one. Hackers have posted the source code for the vulnerability on the Internet for all hackers to exploit. MS has no patch for it at this time, but there are workarounds and one Russian programmer has made an ad hoc patch.

http://news.ft.com/cms/s/0d644d5e-7bb3-11da-ab8e-0000779e2340.html

http://www.microsoft.com/technet/security/advisory/912840.mspx

http://isc.sans.org/diary.php?rss&storyid=996
 
bill%20y%20pantallazo.jpg


"640kb ought to be enough for anybody."
 
Waiting for the bomb to drop here. When the RPC vulnerability came out, we weren't on high alert and the MS Blaster came out. It SLAMMED us and we had to fix thousands of computers for weeks straight. Cost the company millions.

Now comes the picture vulnerability. Oh my goodness, the havoc this could cause is unimaginable.
 
Yet another reason for me to get that Mac Mini I've been coveting.

Methinks I'm done with MS Windows for a while, at least for my own personal machine.

You are right RossiSkier, the implications for this are HUGE!
 
Well, I'm a Mac-lover/Windoze-hater but these problems come from two things:

1. The popularity of Windoze. Doesn't make much sense to go after the smaller fish when you can get a much bigger bang with the biggest fish.
2. MS has always been lax with their security in their OSes. Still can't fathom why they need to have code which allows me to send you an email with an attachment, have you open that attachment to be able to send emails or other things. Still can't understand the usefulness of such a thing. Same thing with this vulnerability. Why is there code which allows such a thing?

I'm no programmer but it comes to common sense. At least make it harder for the jerks to be able to do damage to your computer...
 
btw, isn't microsoft a pain in the butt? they make you use IE to download the patch from their site. jerks!
 
riverc0il said:
btw, isn't microsoft a pain in the butt? they make you use IE to download the patch from their site. jerks!
Click to expand...
This is one of the reasons I use the IE View extension in Firefox...as much as I prefer Firefox over IE, there are a handful of sites that only run properly with IE. :-?
 
Yay, Microsloth.



Reason number 1,894,397 (Subsection F) for me to continue using Fedora and KDE...
 
The patch got installed on all the machines at work..

This whole thing is a moot point for me.. The software I work on is windows based..

Although we are using LINUX to do mainframe simulation on a couple of machines...
 

Latest posts

Back
Top