Hackers Jump On Newest IE7 Bug

CWmike writes "Attackers are already exploiting a bug in Internet Explorer 7 that Microsoft patched just last week, security researchers warned today. Although the attacks are currently in 'very, very small numbers,' they may be just the forerunner of a larger campaign, said Trend Micro's Jamz Yaneza. 'I see this as a proof-of-concept,' said Yaneza, who noted that the exploit's payload is extremely straightforward and explained that there has been no attempt to mask it by, say, planting a root kit on the victimized PC at the same time. 'I wouldn't be surprised to see this [exploit] show up in one of those Chinese exploit kits,' he added. The new attack code, which Trend Micro dubbed 'XML_Dloadr.a,' arrives in a spam message as a malicious file masquerading as a Microsoft Word document."

Whew!

[the_humeister]

Glad I'm using Lotus Notes. Hmm...

Re:Whew!

[the_humeister]

Oops! Wrong exploit I was referring too. Stupid 'submit' button...

Re:Whew!

[Anders]

Glad I'm using Lotus Notes.

That's a first!

Re:

[just_another_sean]

So is the guy's name in the article...Jamz lol what a goofy name hehe

Pfft. This from a guy named "Anonymous Coward".

Hopefully attacks like this won't be as prevolent

[kcbanner]

...when Microsoft stops bundling IE with Windows (depending on what happens with that anti-trust case in the EU). Does anyone know if that would also affect NA?

Re:Hopefully attacks like this won't be as prevole

[the_humeister]

And then the exploits will occur with the browser that most people are using. Face it: there are bugs in every piece of software out there, and it's just a matter of time before someone finds and exploits them.

Re:

[kcbanner]

I know. I'm just thinking in terms of the botnet spread "factor", I think that will go down as more people start using firefox/more secure browsers, and that market share will go up when Microsoft stops bundling IE. Of course they are just going to get the OEMs to do it for them, maybe some OEMs will package Firefox, who knows.

Good luck with that thought...

[malakai]

Fire Fox has it's own Zero Day attack [mozilla.com]
I got nailed with the XP Police 'anti-virus' by navigating to a url via FireFox. No additional clicking, no user-error, no accepting/running/allowing anything out of the ordinary. Simply watched page load then was infected.

I went back to the page in question with IE 8 and it wasn't vulnerable to whatever attacked FF 3.06.

The browser religion war is over and we've all lost to shoddy programming. You can always attempt to hide in the latest obscure OS/browser, but at some

Re:

[Anonymous Coward]

exactly. this is precisely the reason that Apache has far more exploits published than IIS.

Re:

[Hurricane78]

The key word here is "published". This is, because Apache has an open bug tracker. And IIS has -- I guess from the quality ;) -- no bug tracker at all.
But Apache fixes its bugs quickly, or even at all, compared to ISS.
Well, I guess to get some useful numbers, one would have to count the numbers of actually used exploits.

But then again, writing it anonymously most likely means that you are a troll...

Re:

[99BottlesOfBeerInMyF]

And then the exploits will occur with the browser that most people are using. Face it: there are bugs in every piece of software out there, and it's just a matter of time before someone finds and exploits them.

So a more diverse set of browsers in use leads to fewer people being exploited. Sounds like something worth encouraging. And while we're at it, how can we encourage vendors to make their browsers more secure and generally better. If only there were some way to motivate developers using common human motivations. I know, we could have them compete with each other on a level playing field in a fee market and the best browser will gain the most market share, so they will all work extra hard to make theirs the b

Re:

[99BottlesOfBeerInMyF]

Stupid people (sorry, inexperienced people) running [Another OS/Another Browser] will do the same stupid (sorry, inexperienced) things they do now.

I'd go further in my argument than you do. Without a monoculture users may take the same action in the same circumstances, but will gravitate to technology that presents them with better situations and better handles those actions (makes them do what the user intended not what a third party wants). For example, this exploit relies upon an executable masquerading as an MSWord file. The fact that Windows presents the file in such a way as it is not differentiated from a Word file or even from trusted executab

Re:

[compro01]

And in all likelihood be far less significant, as the browser in question wouldn't be so damn tightly integrated into the OS.

Re:Hopefully attacks like this won't be as prevole

[peterbye]

That will be true if all those people running windows using administrator accounts move over to running linux as root. Those running linux properly will still be pretty much unaffected.

Re:

[colourmyeyes]

There's always the matter of a no-password "sudo" setup.

Do any linux distros come set up for this by default? How long until they do?

Re:

[billcopc]

But what about those of us who are callous (lazy) enough to run as root 24/7 ? We're just not naive enough to run foreign attachments from people we don't know (or don't trust).

Sure, make things nerf-safe for the common user, but don't go bashing those of us who actually run these machines.

Re:Hopefully attacks like this won't be as prevole

[Kugrian]

But what about those of us who are callous (lazy) enough to run as root 24/7 ? We're just not naive enough to run foreign attachments from people we don't know (or don't trust).

Sure, make things nerf-safe for the common user, but don't go bashing those of us who actually run these machines.

Tell me about it.

I got rid of my front door a few weeks ago as I was sick of trying to find my keys. I can live with all the thefts and waking up to find the odd vagrant crashed out on my sofa, but it's the people that bash on me about it that pisses me off.

Re:

[evanbd]

Last I checked, Linux let programs running under my account read personal data stored under my account and then send it to random computers on the internet.

Sure, it might have more trouble insinuating itself into the kernel and being nigh-undetectable, but if you don't have software that looks for it, there's plenty of damage it can do. My biggest worry is about data I have access to when logged in as my normal user account.

Re:

[jetsci]

Have you seen how much trouble it is to write a Linux virus? There was an article up recently(I may be crazy, could have been a comment) about writing a Linux virus/worm/trojan. It had a number of caveats and required a great deal of luck. HOWEVER, I can imagine the typical Windows user migrating to Linux and as mentioned above, running as root. However, Ubuntu(and others of course) do not allow root access by default...might not be so bad.

Re:Hopefully attacks like this won't be as prevole

[lord_sarpedon]

Not all that much really. Easy enough to run a spambot with user privs. Any of the data you want to steal is in ~. If you last long enough without detection, you can grab the user's password with an X keylogger and start doing extra naughty stuff with root.

Re:Hopefully attacks like this won't be as prevole

[dedazo]

It's not that difficult. I can turn your shiny Linux box into a bot zombie by sending you a Perl script in a tarfile with the execute bit set and asking you to extract and run it. I don't even need root access. More sophisticated? Fine, how about I do the same thing but use, say, Python and a simple wxWidgets UI to ask for your root password? You know, because I need it to "update your system". Chances are good you have all that installed on your system if you use the average distro.

Don't underestimate the power of simple social engineering or the tendency of users to do dumb things. And don't overestimate the alleged technological superiority of your OS. I don't need to code an ELF binary in x86 assembler to do damage, and no one writes destructive viruses anymore. Neither you nor your data are the target. The commodity being sought here is your machine and its network connection.

Re:

[Thinboy00]

then teach the user to only give pw to
A)Stuff that looks like gksu (you don't even need to explain what that is, just what it looks like)
B)If something speaks of "Updates", direct it to the Update manager, and ignore ~all else
C)If the User is stupid anyway, no system will ever be secure enough except one that does not give this person the ability to act as root in the first place, which means using a Mac, which I will never do because it is too user-obsequious

Re:

[fataugie]

I'll take C - Regis,
final answer.

Re:

[Sancho]

This could be done with Windows. Teach the users not to click "Continue" on UAC prompts unless they know what they're doing.

The problem has been, is, and always will be the users. They want their shiny "asteroid cursors" and their "desktop playmates" and they're going to get them, along with whatever crap comes along with it.

Re:

[dedazo]

Once all those Windows users start migrating to Linux because it's safer, do you think they'll suddenly be infused with large doses of simple common sense? apt-get install effin-common-sense-0.2.3 or something like that? =)

Re:

[JasterBobaMereel]

...and I won't run it, nor will any of my users....

Update my system .. ok I just go in the package manager ... no updates .. oh well

Social engineering works both ways, If you make sure you never, ever, send updates via email then the users notice it's unexpected and ask first ... Too many Windows systems are updated by users clicking on links in/attachments to emails ... and far too many websites give download and run links for Windows systems so that the users expect it to work like that

Linux does

Re:

[99BottlesOfBeerInMyF]

It's not that difficult. I can turn your shiny Linux box into a bot zombie by sending you a Perl script in a tarfile with the execute bit set and asking you to extract and run it.

Trojans are a serious concern, but still a small portion of the problem today. Most exploits, by number of infections, are via automated worms with no user interaction.

Don't underestimate the power of simple social engineering or the tendency of users to do dumb things. And don't overestimate the alleged technological superiority of your OS.

The interesting thing about non-Windows OS's is they adapt to threats. Right now trojans are not a problem for the average Linux user, but in a few high security environments they are a concern. Those environments use technologies like SELinux to mitigate the risks and make social engineering a lot harder indeed. If trojans are ever a threat

Re:

[Tubal-Cain]

Most folks that get hold of Linux and install it are probably going to be smart enough to open an e-mailed media file with a media player, and won't touch anything they don't know the extension to.

1. You can change extensions
2. Linux doesn't care what extension a file has (they are purely for user's convenience). It reads metadata to figure out what kind of file it is and opens it in the appropriate program.
3. Hopefully, people will wonder why their *.ogg file looks like an executable rather than a movie thumbnail.

Re:

[grumbel]

Root access or not doesn't really matter if a virus wants to cause harm or spread itself, all the users data happens to be user accessible and his favorite email app and webstuff of course too. But even if that isn't enough, it wouldn't be to hard for a virus to fake a password prompt to catch the password or just to wait for the user to use sudo and then use it himself, since sudo is often used with a timeout that gives the user full root access without a password for a couple of minutes or even forever.

On

Viruses are old tech.

[jellomizer]

Viruses were made back in the single user day. Linux and MacOS even Newer Version of windows don't need Virus to do its damage. Worms that hack into the system and run and install separate process then war dial different IP Address do the trick just as well. The reason people still make viruses for windows is the fact they most people run with Administrator access and they are simple to program (And they think they are Hot stuff if they do), programming worms is still less glory but is more willing to effe

Re:

[Locklin]

It's marked as a troll because it's a regurgitated line brought out whenever there is a discussion of a Microsoft vulnerability and adds nothing new to the conversation. It's used to discredit anyone pointing out a software alternative developed in a more security conscious way (a germane comment in a thread on security).

While its true that people will target software as a function of it's install base, there is such things as more secure software. For instance, Windows ME is less secure than XP. And an un-

minor pedantry

[AliasMarlowe]

virii

If that's an attempt at Latin, it failed. In Latin, virus is in the fourth declension and its plural is virus (yep, just like the singular), and NOT viri or virii.

Of course, as an English word, the plural of virus is viruses.

Re:

[Tanktalus]

Next thing you're going to tell me is that the plural of moose isn't meese. Stupid pedants.

Re:minor pedantry

[JasterBobaMereel]

...and the plural of mongoose is polygoose ....

Re:

[Fluffeh]

...and the plural of mongoose is polygoose ....

While the female mongoose is referred as the woomongoose...

Re:

[Thinboy00]

while you are generally correct [wikipedia.org], virii can mean all forms of malware [wiktionary.org] (sense 2). Also note that the Jargon File endorses 'linguistic playfulness' (probably not a verbatim quote).

Re:

[Petrushka]

If that's an attempt at Latin, it failed. In Latin, virus is in the fourth declension and its plural is virus (yep, just like the singular), and NOT viri or virii.

You, too, fail at Latin: it's second declension [tufts.edu]. Didn't your Latin teacher ever tell you to look at the genitive to determine which declension it is?

Don't be misled by the fact that it's neuter: it's one of three 2nd-decl. -us nouns that are neuter (the others are pelagus and vulgus). Nouns of this type do not have plurals in Latin (see Allen & Greenough [textkit.com] p. 22).

Re:

[silanea]

That would be a typo, not a grammatical mistake.

Re:Hopefully attacks like this won't be as prevole

[Anonymous Coward]

The new attack code, which Trend Micro dubbed "XML_Dloadr.a," arrives in a spam message as a malicious file masquerading as a Microsoft Word document. If the fake document is opened, the exploit hijacks PCs that have not been patched...

Running Chrome or Firefox won't stop idiots from opening strange attachments.

Re:Hopefully attacks like this won't be as prevole

[rolfc]

Running Chrome or Firefox won't stop idiots from opening strange attachments.

Running Linux will.

Re:

[Anonymous Coward]

Linux makes you smarter.

Re:

[Lucid 3ntr0py]

Running Chrome or Firefox won't stop idiots from opening strange attachments.

Running Linux will.

No. It will only stop the current exploits from being effective.

Re:

[Dotren]

Running Linux will.

Apparently not if you're using KDE or GNOME [slashdot.org].

Re:

[Tweenk]

There are fixes:
1. Require .desktop files to be executable to launch them
2. Ignore the Exec= line in user overrides

It's just a matter of someone contributing a suitable patch. It is not an architectural problem.

Re:

[N1AK]

So you are suggesting that a significant flaw in Linux has lasted so long, even though it is "just a matter of someone contributing a suitable patch"? Hardly a good arguement.

Pointing out there are possible fixes doesn't absolve it from blame.

Re:

[Thinboy00]

Pointing out there are possible fixes doesn't absolve it from blame.

No, it doesn't, and that is one of the major problems with FOSS: devs tend to avoid disturbing the ecosystem as much as possible, even when doing so is a good idea. If this was run in a traditional (read:closed-source) setting and IT heard that it would take the flip of a few bits to get rid of a major security vulnerability, how long would the bug live?

I know some idiot mod will mark this as a troll because it is critical of FOSS. Really people, let's at least pretend to be civilized, please.

Re:

[ianare]

I'm not sure it's possible to paint all of FOSS, or all of closed source devs with such a wide brush. You do have some projects that are extremely risk and innovation averse, a classic example being GNOME, while others on the contrary have no problems starting everything from scratch like KDE has done. Similarly, you have Apple, the constant innovator, willing to dump legacy code to move forward, and MS, where their commitment to binary compability is limiting their progress.
Each strategy has its advantage

Additionally

[Jeremy Visser]

1. Require .desktop files to be executable to launch them

In addition, make the desktop environment not execute .desktop files under /home, and/or mount /home with noexec.

If a user wants a launcher icon on their desktop, enforce that the icon is actually symlink to the real .desktop file under /usr/share/applications. (Can be done while hiding the mechanics from the UI trivially.)

Re:Hopefully attacks like this won't be as prevole

[Greyfox]

Back in the day when dinosaurs and mainframes walked the earth and the system programmer's room was likely to have more than one half-drunk cup of coffee with a cigarette butt floating in it, it was not uncommon to get an E-mail around Christmas time with an attachment in it. The attachment purported to display an ASCII Christmas tree on your terminal, complete with flashing ornaments and such.

When it was run, this attachment would helpfully and quietly forward itself to everyone in your address book. A couple of days later, after cleaning up the smoking wreckage of the E-mail system, system administration would send out an E-mail suggesting that it's not a good idea to run programs from unknown sources.

This was on IBM VM/CMS, a notably not-Microsoft OS.

Re:

[Bozdune]

Hey! I remember that! (shit, I'm old)

Re:

[ianare]

Wasn't this also the time of the naive internet ? When all smtp traffic was on port 25 with forwarding enabled ? Before AOL and the dark times ...

Re:

[Greyfox]

No, it was kind of garbled. I did learn that it was a bad idea to run applications that came as Email attachments though...

Re:

[grumbel]

The only exploit is the user herself. Just don't open attachments from people you don't know.

Viruses have already become more clever then that long ago, From headers have zero trust value and are constantly faked and using titles from documents found on a users disks have replaced non-trustworthy gibberish. So getting mail from a friend with trustworthy subject tells you little to nothing.

This really isn't something you can fix socially, if you could we would have already solved it. Its just a technical problem that needs fixing, a mail program should just run attachment in a chroot/jail/vm-like en

Re:

[Greyfox]

Well yeah, back then you didn't have to fear the act of just opening your E-Mail either, since mail was text based and didn't execute random shit or send you off to random sites on the Internet for graphics or web bugs. This exploit actually required the user to save and run the attachment. It was also (usually) decent enough to not delete all your files in the process of forwarding itself to other users.

Re:

[Locklin]

Of course, you can always execute unsigned, untrusted code by downloading Firefox extensions on the Mozilla site.

Re:

[Lord Ender]

Yes, but linux will also stop them from opening not-so-strange attachments, unfortunately.

Re:

[grumbel]

Running Linux will.

Never underestimate the compatibility of Wine.

Re:

[Bryansix]

That's because you have to step through the 9 levels of dependency hell in order to run anything on Linux.

Re:

[Bryansix]

Wrong! Try to compile VirtualBox on Ubuntu.

Re:

[ais523]

You know, after that challenge, I actually tried.

Not that you'd ever want to do it like this anyway unless you were patching it yourself (you'd just get the binaries from the package manager) but:

apt-get source virtualbox-ose
cd virtualbox-ose-2.0.4-dfsg/
sudo apt-get build-dep virtualbox-ose
make -f debian/rules build

If anyone still believes that dependency hell is a problem in modern Linux distributions, I advise them to look at the third line of what I did above and be disillusioned; nothing about what

Re:

[Sleepy]

>Running Chrome or Firefox won't stop idiots from opening strange attachments.

False.
An idiot user will not know how to chmod +x a strange file, so your logic falls flat.

And there's plenty of Linux users happy to run with whatever is available in the Ubuntu repository, that they don't mind being "locked out" of desktop changes.

Contrast this with the Windows desktop user who will bitterly complain about not being able to open the Windows Clock on the taskbar, just to check dates on a calendar [a step which

Re:

[Arancaytar]

Running OpenOffice will stop the macro from accessing IE, though. MS Office isn't even bundled with most XP anymore. It wasn't on mine, anyway.

It's annoying that I can open everyone's files, but I need to export to a buggy format for others to open mine. But this news item proves it's worth it.

Re:

[ianare]

No but it has been consistently shown that FF users keep their browsers up to date much sooner. Case in point : the huge number of IE6 users compared to FF 1.5 users out there. Even within major revisions, the less painfull FF upgrade system keeps the vast majority of people on the latest minor update or patch. Many IE users disable auto-updates because they're seen as an annoyance (asking themselves "why do I have to reboot simply to upgrade my web browser ?").

Re:

[jetsci]

I wonder, what would un-bundling REALLY mean? Just that its easier to remove or that Microsoft OS' come with no browser? Now that would be a fun one for new users...

Re:

[99BottlesOfBeerInMyF]

I wonder, what would un-bundling REALLY mean? Just that its easier to remove or that Microsoft OS' come with no browser?

Well, literally it would mean Windows ships without IE to OEMs. That's not to say that this is the remedy the EU will choose. It is just one of their options and by itself, certainly not enough to remedy the broken market.

Now that would be a fun one for new users...

The EU's remedies will likely affect only MS, not OEMs. If you're technical enough that you're building a computer and installing Windows yourself, you're probably technical enough to download and install a browser too. If you're a normal person you buy a computer with software, OS, and ha

Re:

[99BottlesOfBeerInMyF]

It would mean the user has to stop and wait for an automated download and install process to run their programs for the first time. In order to maintain compatibility with existing software IE must be installed.

I think you're missing the point of how bundling is perceived by the law. If MS installed software to auto-download IE, that would still be illegal. OEMs aren't going to ship without a browser or HTML engine though, so the normal user would not likely see much difference excepting which browser and HTM engine is pre-installed. Any remedy from the EU is going to be intended to change the situation MS has created where IE is required, or it has failed. The point is to restore the market to a state where IE is

Re:

[Shados]

Actually, they depend upon an HTML engine answering their calls to the APIs

No, thats not how it works. In a modern development environment, the developers would pop the dialog box that would show all their installed and registered components... the dev goes down the list, and go "Hmm...Adobe PDF renderer...nope... Gecko? Hmm...no... IE Control...bingo!". If they (and they most likely were) using something a little less "drag and drop", they had to make a conscious decision to pick and load an instance of th

Already?

[sqlrob]

Must've been harder than usual. I would've expected it on Wednesday or Thursday of last week.

Masquerading?

[TheRaven64]

a malicious file masquerading as a Microsoft Word document

I don't think this is the same definition that the rest of us use. In related news, a lizard was seen masquerading as a gecko.

It was probably dressed as Clippy...

[Viol8]

... pretending to be helpful but surreptitiously twirling its moustache while doing nfaerious deeds to the computer and generally making life miserable for the user.... actually thinking about it - thats not too different from the real clippy.

Re:

[JCSoRocks]

It looks like you're trying to renew your existing car insurance. Would you like to save 10% by switching to Geico?

Re:

[shutdown -p now]

While all sharks are fishes, it doesn't follow that all fishes are sharks. So it's a malicious file masquerading as a different kind of a malicious file; so what? ~

Linus quote about Microsoft

[Anonymous Coward]

"They invade our computers, and we fall back. They assimilate entire servers, and we fall back. Not again. The line must be drawn here! This far and no further! And I will make them pay for what they've done!" - Linus Torvald

Re:

[Hordeking]

"They invade our computers, and we fall back. They assimilate entire servers, and we fall back. Not again. The line must be drawn here! This far and no further! And I will make them pay for what they've done!" - Linus Torvald

Sounds a bit like a Linus Maginot Line [wikipedia.org], to me.

the solution is ..

[viralMeme]

Set the default viewer for msWord docs to the Word Viewer [microsoft.com], make normal.dot read only, disable auto-opening of macros ..

Re:

[Anonymous Coward]

...or use OpenOffice.

Use firefox?

[Anonymous Coward]

How would switching to FireFox help? So you can get a different brand of virus?

Patch and keep patching. That is the only safe bet.

Yes I am using Firefox right now.

Re:

[Danzigism]

It might help avoid certain exploits that penetrate holes in IE, but working in an environment where I see 30+ computers in the repair shop every week, Firefox or IE, the computers still get viruses. It bugs me a little when I hear customers say, "Well a friend of mine told me to use Firefox because it is more secure" when their computers are still heavily infected with malware. You can still easily get infected. It's not the browser's fault, it's the OS's fault..

In other news-- FISH FOUND IN OCEAN

[baomike]

Will it blow my version of OO when I try to open the WORD document?
I am glad to hear that it wont affect the REGISTRY on Slack.

I am so waiting for the malware that runs "FORMAT C: " or whatever
it is nowadays.

Re:

[jetsci]

It charges extra for THAT....

Re:

[mapsjanhere]

reminds me of the first virus I ever encounter, something Jericho; I knew I was in trouble when /format :c was no longer working. Oh, the days when a reformat and reinstall took 30 min, and all your documents were "safe" on floppies anyway.

Re:

[fataugie]

You mean on all those old, re-formatted AOL disks?

HAHAHA

/me grabs stomach, slaps knee and wipes a tear from his eye

Re:

[mapsjanhere]

We would have killed for reformated AOL disks! This was 1990 or so, they weren't giving them away yet (at least where I went to school). So past the time when we were cutting extra slots in 5.25" floppy holders to use the single sided ones double sided and saved 50 cents each.

Re:

[fataugie]

Wow, you're really old.

Hey Grandpa, tell me about when you used to have trays of punch cards... ;-)

Re:

[mapsjanhere]

now that you mention it ...
Actually I started out on Commodore 64s - not THAT much older.

Re:

[The MAZZTer]

Viruses/Virii don't tend to destroy the computer anymore, since that pretty much gives them away AND also makes it difficult for them to propagate or earn money off of you (ad views, purchases) when your computer won't turn on.

Lynx

[claytonjr]

This is exactly why I use Lynx. The ASCII porn is getting a bit old, though.

Re:

[Culture20]

That's why you need to upgrade to elinks. You know you want to. Colored text is the best text.

News at 11!!

[dave562]

Hackers exploit already patched code! Security vendors come up with detection routine to protect from exploits targetting at already patched code. Sysadmins everywhere say to themselves, "I'm sure glad I applied that patch last week." Life goes on.

Chinese Exploit Kits

[TheModelEskimo]

Dear Sir,

I am writing in reference to the "Chinese Exploit Kits" you mentioned on the Slash Dot on 18 February. Please inform me if you have further information on availability of these kits.

I would also be interested in subscribing to your newsletter.

Sincerely,

TheModelEskimo

Re:

[fuzzyfuzzyfungus]

I'm assuming that they aren't actually hitting patched systems; just going after the (numerous) systems as yet unpatched, possibly with the aid of information inferred from analysis of the patch. If the patch itself, or patched systems, were getting exploited, it would be bigger news.

Re:

[jetsci]

You're probably right, I failed to make that clear. From my understanding, Patch Tuesday allows hackers to see the old exploit and target unpatched systems. However, is there anyway for Microsoft to minimize the exposure of these patches?

Re:

[fuzzyfuzzyfungus]

I'm not an expert by any means; but I'd suspect that that is a hard problem. The security patch must, to fulfill its purpose, change the system from its vulnerable state to a nonvulnerable one. Tools for observing changes of state are common, well developed, and have loads of legitimate uses. Especially with all the use of VMs now, you pretty much have to assume that the hypothetical reverse engineer can see absolutely everything that happens to the system, step by step, if he feels like it.

Microsoft coul

Re:

[Dotren]

However, is there anyway for Microsoft to minimize the exposure of these patches?

To do this effectively I imagine they'd have to hide the fact that they've updated the system or, at least, minimize their KB articles to say "Patch KB[insert number here] fixed an exploit".

Imagine though the lashback from this... we already know from recent articles how much people despise Microsoft for adding sneaky patches that install addons for Firefox. Sneaking in security updates without documentation and/or some sort of notice would further solidify some people's ideas of Microsoft's sheer level of

Re:

[jetsci]

I can't help but wonder then, just how bad the MS situation is(security) if they're so afraid of an open view in terms of security from the outside world. Imagine upstreaming patches for your Windows XP box, Debian/RHEL style?

Re:

[lord_rob the only on]

So naturally, it begins again. What is it that allows these hackers to reverse Microsofts patches? Is there no format that would protect them? Perhaps a more open security policy? Imagine that mess?

You can "reverse" Microsoft patches. Use the tool to reverse the Windows configuration to a given date (in Accessories -> System Tools but I don't know the exact name of this app as I'm not using Windows on my home pc of course)

Oh get over it

[Viol8]

No one apart from uber nerds care - its just a word. Hoover were probably pissed that their name became the de facto name for vacuum cleaners too. Tough, deal.

Re:

[Culture20]

Sigh... I was going to post a quick rant about using the term "Hacker" when obviously "Cracker" or "Black Hat Hacker" would be better....but ohhhh what the hell... I give up.

You're a tinkerer, craftsman, hobbyist, inventor, recreational electrician, etc etc. There was a point at which men stopped using a certain word to describe an elated mood too. "Hacker" been redefined. "Bad" means "good", "hawt" is the new hotness replacing "cool", a hogshead is no longer a unit of measurement, and mail(le) is no longer chain link armor, but instead a common word for post.

Re:

[im_thatoneguy]

Sigh... I was going to post a quick rant about using the term "Hacker" when obviously "Cracker" or "Black Hat Hacker" would be better....but ohhhh what the hell... I give up.
I've been doing computer stuff ("hacking") since the mid-1970s and consider myself a "Hacker"...but not in the bad way.
maybe I should turn to the dark side and just get it over with.

And I was going to post a rant on the History Channel about when "Barbarian" used to be an offensive racial slur against the good people of northern Europe.

Re:

[moteyalpha]

So millions of web users are in danger because

a) IE is insecure and Microsoft evil

or

b) Because they did not apply a patch which has been recommended by Win update

Being on Slashdot, i get those two confused...

Is that multiple choice? , if so, I choose a and b as my answer.