Oops! Missed One Fix — Windows Attacks Under Way
CWmike writes "Microsoft says attackers are now exploiting a critical Windows bug that it didn't get around to fixing in its biggest batch of security patches in more than five years, issued yesterday. Microsoft said that 'limited and targeted' attacks are in progress by hackers exploiting an unpatched vulnerability in the WordPad Text Converter, a tool included with all versions of Windows. If Microsoft patches the WordPad problem on its monthly schedule, the first opportunity for fixing the flaw would be Jan. 9, 2009." Update: 12/10 22:28 GMT by T : OK, there might have been more than one: reader Simon (S2) writes "There is an even more serious flaw ... From SANS: 'There is a 0-day exploit for Internet Explorer circulating in the wild. At this point in time it does not appear to be wildly used, but as the code is publicly available we can expect that this will happen very soon. This is a brand new exploit that is *not* patched with MS08-073 that was released yesterday. I can confirm that the exploit works in a fully patched Windows XP machine. The exploit is a typical heap overflow that appears to be exploiting something in the XML parser.'"
no problem (Score:5, Funny)
Re:I don't understand (Score:5, Funny)
I wondered this as well, it couldn't very well be remote code execution or privilege escalation or anything like that, so I opened up the article. It appears that Wordp
Details to come... (Score:5, Funny)
Re:I don't understand (Score:0, Funny)
Re:I don't understand (Score:5, Funny)
This information is in the article, BTW.
In the what, now?
Re:I don't understand (Score:5, Funny)
It's very simple, really; the attacker breaks into your home or office, knocks you unconscious with a blunt instrument, boots up your computer and opens Wordpad.
Re:I don't understand (Score:2, Funny)
Re:WordPad exploitable? Just click (Score:4, Funny)
You mean all someone has to do is click on an attachment called "biggest breasts ever.wri"? Oh, NOBODY would be that dumb!
Re:WordPad exploitable? Just click (Score:3, Funny)
... while, at the SAME TIME, running a non-updated version of Windows, Windows 2000, or Windows Server 2003.
Does it have to be with the same hand?
j/k
Perhaps not, but... (Score:2, Funny)
I don't think grandma is using WinServer 2003
My grandmother still uses Windows ME. I have suggested she update, even offered to do it for her, but she resists, laboring under the delusion that the entire interface would change as drastically as the last time when she switched from an old Mac (and I mean old) to her current machine. I would insist, but at her current rate of adoption she won't actually connect it to the internet before the sun burns down to an ember... All that aside, my gran still uses an outdated version of Windows you insensitive clod!
Re:I don't understand (Score:5, Funny)
Oh please. Wordpad is like Notepad, only it can't make up its mind whether to be richtext or plaintext and it doesn't open files when you drop them into it.
Re:WordPad exploitable? Just click (Score:5, Funny)
I'd put a notice at the top of the file. "This naughty image is only compatible with the following versions of Windows: ..."
I'm sure many victims would kindly downgrade as needed to make my exploit work.
Re:::yawn:: nothing to see here, as usual. (Score:3, Funny)
He did specify .wri attachments you know, but the axe thing is equally good in my books.
Re:When are you fucking morons in the IT industry (Score:3, Funny)
You programmers better go back to school and start figuring out how to write code that doesn't fucking suck!
I'll get right on that chief. And I asked you to hold the pickles on this burger.
Re:I don't understand (Score:3, Funny)
Re:When are you fucking morons in the IT industry (Score:3, Funny)
It's 2009 where you live? What timezone is that?!
Re:I don't understand (Score:2, Funny)
Wordpad is like Notepad, only it can't make up its mind whether to be richtext or plaintext
What do you expect? Wordpad is 13 years old now. Things can be very confusing at that age. It's perfectly normal to experiment with both rich and plain text. The important thing, as the article points out, is to use protection.
And if Wordpad decides to be more stylish by wearing fancy fonts, bold typefaces, and italics, there's nothing wrong with that. Society has become a lot more accepting of rich text editors in the past few decades.
Re:I don't understand (Score:2, Funny)
Basically, don't open weird files that you find on the internet.
Any chance you could get that printed up on a mousemat or something? I'd certainly buy a few to send out to relatives and family friends as Xmas presents....
Re:I don't understand (Score:3, Funny)
Find/replace in notepad on large files makes it look like I'm *really* busy on my computer at work. :-)
Re:WordPad exploitable? Just click (Score:2, Funny)
Re:I don't understand (Score:3, Funny)
There, corrected that for you.