Windows SERIOUS Security flaw-- (Link to patch fix )
Posted on 01/02/2006 9:57:45 AM PST by emiller
The active exploitation of a very serious vulnerability in all versions of Windows was discovered in late December.
Word of this spread rapidly through the hacker community, many of whom were presumably on Holiday vacation from school, bored, and looking for something to do.
So several days later nearly one hundred different instances of exploitation of this newly discovered vulnerability had been found.
Note that this is not a "new vulnerability"; it (and perhaps other similar bugs) has been lying unknown in Windows since 1991. What's "new" is the discovery of this long-present vulnerability in Windows' metafile processing.
Almost immediately there were reports of an MSN Messenger worm, and now F-Secure is reporting that "Happy New Year" SPAM eMail is carrying the exploit.
Anti-Virus vendors quickly updated and began pushing out their A-V signature files. This has been effective, but a new very flexible exploit generation tool has appeared that's able to create so many different variations of the exploit that A-V signatures are being bypassed.
Microsoft responded with an acknowledgement of the problem and a very weak workaround (the shimgvw.dll unregistration). But this is not
(Excerpt) Read more at grc.com ...
Yes, I posted the link on a thread the other day, but good to have it again. Gibson research can be trusted.
But, be SURE to bookmark this website so you can restore this function after Microsoft issues a patch. Otherwise, thumbnails may not work correctly, among other things.
Gibson tells you how to turn it back on when it's been patched.
Gibson Research is more trustworthy than Microsoft on security issues.
If you use Outlook - it's best to turn off the "preview" option for your inbox.
Theoretically, the bug can be exploited even if you don't open an email, by way of the preview. (at least that's what Laporte was saying yesterday).
This poster risked running the "hot fix" linked to from Laporte's website (I think that's the one mentioned above) - now hoping that was the right thing to do. :)
But you're talking about a patch to the OS. No one knows the OS as well as MS. Lots of hidden stuff in the OS.
Windows IS a security flaw.
I love my Mac(s)!!
Mac? What's a Mac? Hmmmm. Oh! That computer I use to run the Folding project on. Wish it were a bit faster. But I guess that will change with the switch to Intel, eh?
Ping! Hit any key to continue.
I don't get it - which one is the "any" key ???
Folks, don't do that in a forum like this. I am with you on the advantages of a Mac, but that isn't what people are looking for.
I have come on this forum before to get an answer to something, only to have people say "Get a PC", and then things degenerate into a flame war. It doesn't help.
I am a lifelong Apple user, and our comments like that only irritate Windows users. I have had a lot of luck getting friends, family and employees to try out the Mac, and they usually like them. But telling them the solution to their problems is buying a Mac isn't the way to do it.
Granted, the position of Mac users and viruses/spyware/trojans is very favorable, but we need to get the point across in a different way.
(Steps off soapbox)
Gotta use Windows in my work, but would like to try Linux for everything else. (I used Linux years ago and am told it has improved greatly in terms of usability; it was always rock-solid.)
Is it possible to have two OSs loaded concurrently on the same PC? I'd like to be able to hotkey between the two, without a reboot. It's okay if they "suspend" when not in the foreground. Or could Windows be run as a task within Linux?