The Cellar

The Cellar (http://cellar.org/index.php)
-   Technology (http://cellar.org/forumdisplay.php?f=7)
-   -   New Zero Day Windows Vulnerability (http://cellar.org/showthread.php?t=13728)

BigV 03-30-2007 06:07 PM
New Zero Day Windows Vulnerability
 
Dog Windows all you want, it pays the bills for me. And today I'm earning my pay. As a courtesy to all my friends in the same boat around here, I offer this urgent warning: Get this patch. Now.

Here's why:

Quote:
March 30, 2007 (Computerworld) -- The Windows zero-day bug now being used by attackers is extremely dangerous, security researchers said today, and ranks with the Windows Metafile vulnerability of more than a year ago on the potential damage meter.

"This is a good exploit," Roger Thompson, CTO of Exploit Prevention Labs, said in an instant message exchange. "It's very dangerous. One of the reasons is that there's no crash involved...it's instantaneous. And all it takes is visiting a site."

...

"This is reminiscent of the former Windows Metafile (WMF) attacks from 2005 and 2006," Ken Dunham, director of VeriSign Inc.'s iDefense rapid response team, said in an e-mail. "It's trivial to update, multiple sites now host the code in a short period of time, and the highly virulent file exploitation vector within Windows Explorer exists."
Break's over--get busy people.

Kitsune 04-02-2007 04:02 PM
Oh, for the love of... :smack:

glatt 04-02-2007 04:14 PM
But Firefox is immune, right?

mbpark 04-02-2007 07:17 PM
No
 
This is a system-level problem with how Windows handles .ANI cursor animations.

In other words, it doesn't matter what you run on top of Windows. If you get this, you've got issues with your PC.

BigV 04-03-2007 10:45 AM
The latest news is that MS will be releasing a patch *today* to fix this problem. I have just visited the Microsoft Update page, and no patch is available yet. But watch this space. It should happen today.

By the way, the third party patch described in the OP installed fine for me, and like most defensive measure, there's no way to tell if it did its job. Anyway, many others in my organization did have trouble with it, but all those troubles were related to the distribution method, not to the patch itself. It remains to be seen what complications I face when the MS patch comes out and I have a mixed set of systems with the 3rd party patch applied and some without. I reckon the "without" group will have the least trouble. I may find the "with" group will need to have the patch uninstalled. Lovely.

BigV 04-03-2007 12:39 PM
Order UP!

Your patch is ready. Check Microsoft Update or Windows Update.

Beestie 04-07-2007 07:46 AM
And then don't forget to get the patch to fix the patch. :smack:

BigV 04-10-2007 11:44 AM
*whimpers*

Please, just make it stop. UNCLE, already.

Perry Winkle 04-10-2007 08:14 PM
/grant hugs his copy of Parallels


All times are GMT -5. The time now is 04:36 PM.

Powered by: vBulletin Version 3.8.1
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.