Slashdot Mirror


New Windows Vulnerability in Help System

wesleyt writes "CERT announced today a significant Microsoft Windows vulnerability related to IE and its handling of the Windows help subsystem. There are currently no patches available and no virus definitions for the major scanners. As well, exploits have been reported in the wild. Because the vulnerability is in the help subsystem, even users who avoid Outlook and IE are vulnerable, since IE is the default handler for help files. It seems that this is going to be an ugly one."

24 of 576 comments

  1. MS by Fredbo · · Score: 5, Funny

    Microsoft is in some serious need of some help on this...

    1. Re:MS by netsharc · · Score: 5, Funny

      "It seems like you're trying to exploit a security hole. Would you like help?"

      --
      What time is it/will be over there? Check with my iPhone app!
  2. Horrible by S.I.O. · · Score: 5, Funny

    > and no virus definitions for the major scanners

    Jesus, even my ScanJet is vulnerable?

    1. Re:Horrible by Patrik_AKA_RedX · · Score: 2, Funny

      That depends: How long has it been since you last used a strong disinfectant to clean the scanner? If you don't do this before every scan, you might end up digitizing a virus. God knows what would happen if someone would accidentally scan the AIDS-virus.

      Prevent virii, sterilize your scanners before use.

  3. Not a problem... by Raynach · · Score: 2, Funny
    Pfft, using help files for Windows?? And this is /. news??

    I'm a man, therefore I use MAN pages when I need help. ;)

    --
    - A
    1. Re:Not a problem... by Rosco+P.+Coltrane · · Score: 4, Funny

      > I'm a man, therefore I use MAN pages when I need help.

      Tell me, do you also happen to use gimp?

      --
      "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  4. Re:Not that big of deal by baryon351 · · Score: 3, Funny

    As a mac user I'm just glad that our beleaguered platform that's now full of trojans has a competitor and hopefully this upstart Windows will take some of the attention away. phew!

  5. Re:Privilege level by h2odragon · · Score: 3, Funny
    if i have to re-educate my users to be aware of security, i may as well re-educate them to a better thought out environment.

    To extend the lock metaphor well beyond any rationality: i'll teach them to use keys instead of a "dance and sing" ritual... "you have to log in as root to do this and that" instead of "you have to right click and select this, unless it's september or a full moon when you have to double click here and then do this that and this other step; except for full moons during september when you have to sacrifice a blue goat at 11:13pm PST using a 14 inch Stihl chainsaw".

  6. well by circletimessquare · · Score: 5, Funny

    i loaded up ie, went help... contents and index... search... and typed in "help subsystem vulnerable" and hit list topics

    a pop up box announced "no topics found"

    so what is everyone talking about? this doesn't seem to be a problem

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  7. mean trick by Ruliz+Galaxor · · Score: 4, Funny

    this is probably some kind of mean trick from mister Linus to discourage the use of Windows. I don't believe in this vulnera...

    hey, where did my files go?

  8. I wonder... by Ruliz+Galaxor · · Score: 3, Funny

    how to format my harddisk. Maybe Windows-help can provide me with some support. *clickety-click*

    sig(h)

  9. WAIT!!! by The+Ancients · · Score: 3, Funny

    we haven't finished talking about the OS X security hole. Damn MS always has to get market dominance in everything they do...

  10. Again? This is the last straw. by tekrat · · Score: 2, Funny

    That's it! I'm buying a Mac!

    "The more I use Windows, the more I love my Commodore 64"

    --
    If telephones are outlawed, then only outlaws will have telephones.
  11. Ha! You Linux zealot! by jotaeleemeese · · Score: 4, Funny

    There you are, all your user friendliness rubbish, that Linux is ready for the desktop.

    How would Joe Average, Jose Sixpack, Aunt Tillie, your Mom, my Mom, Granma, Grandpa, the children, would react if faced with such arcane, incomprehensible instructions.

    In Windows everything is easy, In Windows everything is one click away.

    You Linux zealots are the sux0r.

    --
    IANAL but write like a drunk one.
  12. Re:start the stopwatch... by Anonymous Coward · · Score: 3, Funny

    He's been busy trying to get that damned virus off of his machine.

  13. Re:Afraid by SnowDog_2112 · · Score: 2, Funny

    > I don't know about the rest of you, but things like these are actually scaring me out of running Windows.

    If you stop using windows, the terrorists have already won!! :P

    --
    Not representing or approved by my company or anybody else.
  14. Re:Windows has problemss... by Salsaman · · Score: 2, Funny
    > It turns out that naming things with numbers, letters and seasons must be the most user friendly practice out there.

    If this trend continues, their product names will soon be haiku.

  15. Microsoft help? by kpogoda · · Score: 2, Funny

    Isn't that an oxymoron? I was reading an interview the other day that Gates has shifted the company's #1 priority from Longhorn to security. This is another major blow for Microsoft. But, since when has the help menu actually ever been useful anyway?

    1. Re:Microsoft help? by Bambi+Dee · · Score: 2, Funny
      > But, since when has the help menu actually ever been useful anyway?

      It allows completely innocent newbies to access the Microsoft newsgroups where they might run into "MVP"s with psychic powers who'll help with problems like "im on the computer then erro comes up". I have no idea how they do that.

  16. Big threat? Not really by Junior+J.+Junior+III · · Score: 4, Funny

    Considering how seldom the idiot^H^H^H^H^H^H users actually use the help function where I work, it shouldn't be a problem. It seems they regard the IT Support "Help Desk" as their first place to look when they ought to be using the online Help function in that seemingly invisible menu at the right side of their window.

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  17. In Linux-land... by gosand · · Score: 5, Funny

    > Imagine teaching your mother to use one account for installs, and another for her email and browsing, then throw in some stuff that will only work under admin and you'll quickly see where this goes.

    Somewhere in Linux-land, a phone rings....

    Hello? Oh, hi mom. Yeah, I can help you install a program on your computer. What do you want to install? Oh, cool. Have you downloaded it? Good job. OK, open up a terminal.... it's a command line interface, where you type commands. Much more powerful than a GUI. Where did you save the file? You don't remember? Hmm. Just type "cd". Now type "ls". Do you see the file name? Great! OK, type "tar -zxf "

    It didn't work? What does it say? OK. What is the name of the file you downloaded? Oh, well, that is a bzip file, not a tar and gzipped file. So type the same thing as before, but use "bzip2" instead of "tar".

    What? Why didn't it work? Oh, it doesn't have the same syntax. Crap. Go to the man page. Oh, man stands for manual. Type "man bzip2". What does it say?

    (20 minutes later)

    OK, now we have uncompressed the files you need. No, not yet. Type "./configure" No, it's OK, it is figuring out what kind of computer and software you have.

    OK, now type "make" OK, call me back when it is done.

    (15 minutes later)

    OK, now type "make install" What? Why not? What does it say? No, not that. Oh, wait, you have to be root. It is an administrator user.
    Because not just everyone can install programs, for security reasons. Look, just change to the admin user by typing "su". OK, now enter the root password. I DON'T KNOW! You mean you don't know your root password?

    (10 minutes later)

    Mom, you should NOT use the dog's name as the password. Because it is insecure! Nevermind. Just type "make install". There. Now it is installed.

    No, there is no icon, you have to type the name of program to run it. Type it. What? I don't know, what was the name of the binary after you compiled it? A binary file is a program you run. You compiled it when you typed "make". Hmm, let's look in the Makefile. Type "vi Makefile". What do you mean it is blank? Oh, wait. Use capital M. Type ":r Makefile" with a capital M.

    OK, now you are in vi, the most powerful editor ever. WHAT DO YOU MEAN YOU PREFER EMACS!!!!

    --

    My beliefs do not require that you agree with them.

  18. Re:Actually, mac users haven't had a virus yet by 5.11Climber · · Score: 2, Funny

    What's a floppy??? Don't they have pills or something to fix it??

    --
    Arf!
  19. Re:Windows has problemss... by gotw · · Score: 4, Funny

    > Linux is *not* user friendly, and until it is linux will stay with >1% marketshare.

    I was hoping linux would keep its marketshare above 1% anyway.

  20. Meanwhile, in Mandrake-land by fucksl4shd0t · · Score: 2, Funny

    Phone rings.

    Hi mom. You want to install a program? Ok, what's it called?

    Great! Now open a terminal window. It's a command line interface and it's much more powerful than a gui. Got it open? Great. Now you have to become the superuser, so type 'su' and then put in the password.

    You don't know your root password? Ask dad.

    Ok, great, so now you're root. Now type "urpmi", a space, and the name of the program you wish to install.

    It's asking for the CD that contains the program. Put that CD in and follow the directions.

    You're done, now? Great! Now just click on your K menu and you should find it under "Applications". You don't have a K menu? You have a little paw. Ok, click the little paw, yes I know it's cute. Found it? Glad to help!

    --
    Like what I said? You might like my music