New Windows exploit

Remove all ads!

Apparently, there is a nasty new Windows vulnerability out there; more details can be found at this blog Security fix.

This looks to be pretty ugly; if I understand correctly, it is enough to visit a web page to get infected; you don't need to actually download anything (if you use IE; if you use firefox, you can still get infected by actively downloading stuff). As a consequence, the malicious site can install keyloggers/rootkits on your computer (although it seems that what they install so far is only spyware/adware). There is no patch for this vulnerability (a potential workaround is mentioned on the page linked above, but is not clear that actually fixes everything). Probably the best defense for now is to exercise some care with your surfing

I thought I should give you guys a heads-up.

 

True and there are already many web pages that exploit this vulnerability. Just need to be more careful until Microsoft will release a fix.

 

Oh crap... *looks at window with pr0n*

I'm screwed...

 

What's a "pr0n"? Sounds like gibberish "leet" talk to me.

 

Porn, HB. Yes, it is.

Hmm, it says XP is affected. Is it just XP or do I need to worry with my 2K? Not that I d/l much, mostly surfing.

 

The following OS's are affected:

Windows 98 / 98 SE
Windows ME
Windows 2000 SP 4
Windows XP (Original, SP1, SP2 and x64 Edition)
Windows 2003 (Original, SP1, x64 Edition, Itanium)

So that includes about every version of Windows that is in wide use. Also remember that with IE it is enough to just visit a malicious site.

 

I use Firefox and I have Zone Alarm that asks me everytime something wrong is trying to access my computer, so, ZA helps?

 

Firefox helps against this problem.

ZoneAlarm doesn't. At all.

Firefox doesn't automatically open the filetype that is used in this exploit. Downloading image files may still get you infected, though.

EDIT: Note, the NEWEST Firefox helps. And not much.

[ December 30, 2005, 13:08: Message edited by: Taza ]

 

I temporarily removed the flawed dll which is supposed to handle the infected images, so I guess that makes me safe for this bug(I'm not really sure, so I don't dare to tell you how I did it, less I get you all infected), now just the other 3.243 x 10^12 bugs that Windows has..

@Erod, every Windows version since 3.0 is affected

 

Microsoft released the patch for this yesterday.

 

Actually they released it tuesday, but AFAIK that is only for the XP and 2003 systems, not for anything older, and many companies still work with NT4 systems.

Edit: Oops, I'm wrong again, they released it yesterday(thursday) instead of the originally planned tuesday. But still, only for XP and 2003.

 

It was also released for Windows 2000.

Apparently Windows 98/ME (no one should be using these anyway) will not get any official patches as they are so old that Microsoft will only release critical updates for them (if this is not critical then what is...?).

 

Microsoft has ceased any and all support for anything pre-Win2000, including NT, 98 and ME. So, no update, regardless of how critical they are.

But, Win98SE has its nice side

 

BTA...I hope you have a high end computer to run Windows Vista. From what I've read, it's going to take a lot of RAM, CPU, and GPU power to run.

Does anyone have the actual link to the patch. I haven't wasted my time with Windows Update for a long time, and there are just so many "critical updates" to sort through, finding the right one will take forever.