Huge blow to Microsoft Window Security

Discussion in 'Off-Topic' started by MikesTooLz, Jul 21, 2010.

  1. MikesTooLz
    Offline

    MikesTooLz Super Moderator Staff Member

    Joined:
    May 7, 2010
    Messages:
    2,361
    Thanks Received:
    19
    Trophy Points:
    0
    Location:
    Miami, FL
    Ratings:
    +20 / 0
    There is a new windows vulnerability that effects all versions of windows including older versions like windows 2000, NT, XP SP2 are no longer receiving updates from Microsoft due to them no longer being supported.

    User does not have to run a file to trigger this type of worm. Simply having a files icon displayed will trigger the malicious code. Even displaying a favicon icon that is from opening a website can trigger the malicious code to run on the users computer.


    Hopefully microsoft will jump on this quick and release updates for even those older versions of windows that no longer recieve updates.


    http://arstechnica.com/microsoft/news/2010/07/new-windows-shortcut-zero-day-exploit-confirmed.ars


    basically all windows users right now are vulnerable and can be infected via USB, network share, websites, etc...
    Last edited: Jul 21, 2010
  2. iPadCharlie
    Offline

    iPadCharlie iPad Super Guru

    Joined:
    Jun 19, 2010
    Messages:
    4,231
    Thanks Received:
    7
    Trophy Points:
    0
    Ratings:
    +8 / 0
    "Screw 'em! They should have upgraded to Windows7 when they had the chance!"
    Bill Gates
  3. MikesTooLz
    Offline

    MikesTooLz Super Moderator Staff Member

    Joined:
    May 7, 2010
    Messages:
    2,361
    Thanks Received:
    19
    Trophy Points:
    0
    Location:
    Miami, FL
    Ratings:
    +20 / 0
    Windows 7 Is also effected, the problem is with all versions of windows. If they don't put out a fix all older systems that have not installed the latests versions of windows could become infected by simply browsing a website or receiving an email.

    MS has come out with a "Quick Fix" until they are able to figure out how to put out a real fix. All this quick fix does is change some registry values to disable the displaying of all shortcut icons, instead you just get a white box.


    Make me glad I switch over to my MAC.
    Last edited: Jul 21, 2010
  4. iPadCharlie
    Offline

    iPadCharlie iPad Super Guru

    Joined:
    Jun 19, 2010
    Messages:
    4,231
    Thanks Received:
    7
    Trophy Points:
    0
    Ratings:
    +8 / 0
    Yeah, but it is still supported... for now! So what about these rumors for the Windows8 beta release? I wonder if it will come out before or after the 2nd generation iPad.
  5. Drag Bunt
    Offline

    Drag Bunt iPad Fan

    Joined:
    Jul 13, 2010
    Messages:
    151
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    the 'burbs of @lanta
    Ratings:
    +1 / 0
    The article you linked says

    There's no mention there of "simply browsing a website or receiving an email".

    Let's not make stuff up. Plugging a questionable USB key into your computer or network is a dumb idea, even on a Mac.
  6. MikesTooLz
    Offline

    MikesTooLz Super Moderator Staff Member

    Joined:
    May 7, 2010
    Messages:
    2,361
    Thanks Received:
    19
    Trophy Points:
    0
    Location:
    Miami, FL
    Ratings:
    +20 / 0
    That article doesn't mention it. but others have tested it out with favicon icons for websites and it works. I also watched the security Now podcast a few hours ago and Steve Gibson of Gibson Research said the same thing about it working with favicon icons for websites.

    The favicon is set to launch and execute a separate malicious file thats on the web server just like how the shortcuts launch a separate malicious file on USB drives and network shares.
    Last edited: Jul 21, 2010
  7. Drag Bunt
    Offline

    Drag Bunt iPad Fan

    Joined:
    Jul 13, 2010
    Messages:
    151
    Thanks Received:
    0
    Trophy Points:
    0
    Location:
    the 'burbs of @lanta
    Ratings:
    +1 / 0
    Latest info indicates this web exploit doesn't work if you're using Firefox or Chrome, and creates a popup warning if you're using IE8 on Vista or Win7.
  8. cmalinowski
    Offline

    cmalinowski iPF Novice

    Joined:
    Jun 10, 2010
    Messages:
    73
    Thanks Received:
    0
    Trophy Points:
    0
    Ratings:
    +0 / 0
    From the latest posted above:
    Although I'm guessing most people will ignore those pop-ups anyway :)

Share This Page