Slashdot Mirror


New Windows Vulnerability in Help System

wesleyt writes "CERT announced today a significant Microsoft Windows vulnerability related to IE and its handling of the Windows help subsystem. There are currently no patches available and no virus definitions for the major scanners. As well, exploits have been reported in the wild. Because the vulnerability is in the help subsystem, even users who avoid Outlook and IE are vulnerable, since IE is the default handler for help files. It seems that this is going to be an ugly one."

10 of 576 comments

  1. MS by Fredbo · Score: 5, Funny

    Microsoft is in some serious need of some help on this...

    1. Re:MS by netsharc · Score: 5, Funny

      "It seems like you're trying to exploit a security hole. Would you like help?"

      --
      What time is it/will be over there? Check with my iPhone app!
  2. Horrible by S.I.O. · Score: 5, Funny

    > and no virus definitions for the major scanners

    Jesus, even my ScanJet is vulnerable?

  3. Re:Not a problem... by Rosco P. Coltrane · Score: 4, Funny

    I'm a man, therefore I use MAN pages when I need help.

    Tell me, do you also happen to use gimp?

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  4. well by circletimessquare · Score: 5, Funny

    i loaded up ie, went help... contents and index... search... and typed in "help subsystem vulnerable" and hit list topics

    a pop up box announced "no topics found"

    so what is everyone talking about? this doesn't seem to be a problem

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  5. mean trick by Ruliz Galaxor · Score: 4, Funny

    this is probably some kind of mean trick from mister Linus to discourage the use of Windows. I don't believe in this vulnera...

    hey, where did my files go?

  6. Ha! You Linux zealot! by jotaeleemeese · Score: 4, Funny

    There you are, all your user friendliness rubbish, that Linux is ready for the desktop.

    How would Joe Average, Jose Sixpack, Aunt Tillie, your Mom, my Mom, Grandma, Grandpa, the children, react if faced with such arcane, incomprehensible instructions?

    In Windows everything is easy, In Windows everything is one click away.

    You Linux zealots are the sux0r.

    --
    IANAL but write like a drunk one.
  7. Big threat? Not really by Junior J. Junior III · Score: 4, Funny

    Considering how seldom the idiot^H^H^H^H^H^H users actually use the help function where I work, it shouldn't be a problem. It seems they regard the IT Support "Help Desk" as their first place to look when they ought to be using the online Help function in that seemingly invisible menu at the right side of their window.

    --
    You see? You see? Your stupid minds! Stupid! Stupid!
  8. In Linux-land... by gosand · Score: 5, Funny

    Imagine teaching your mother to use one account for installs, and another for her email and browsing, then throw in some stuff that will only work under admin and you'll quickly see where this goes.

    Somewhere in Linux-land, a phone rings....

    Hello? Oh, hi mom. Yeah, I can help you install a program on your computer. What do you want to install? Oh, cool. Have you downloaded it? Good job. OK, open up a terminal.... it's a command line interface, where you type commands. Much more powerful than a GUI. Where did you save the file? You don't remember? Hmm. Just type "cd". Now type "ls". Do you see the file name? Great! OK, type "tar -zxf "

    It didn't work? What does it say? OK. What is the name of the file you downloaded? Oh, well, that is a bzip file, not a tar and gzipped file. So type the same thing as before, but use "bzip2" instead of "tar".

    What? Why didn't it work? Oh, it doesn't have the same syntax. Crap. Go to the man page. Oh, man stands for manual. Type "man bzip2". What does it say?

    (20 minutes later)

    OK, now we have uncompressed the files you need. No, not yet. Type "./configure" No, it's OK, it is figuring out what kind of computer and software you have.

    OK, now type "make" OK, call me back when it is done.

    (15 minutes later)

    OK, now type "make install" What? Why not? What does it say? No, not that. Oh, wait, you have to be root. It is an administrator user.
    Because not just everyone can install programs, for security reasons. Look, just change to the admin user by typing "su". OK, now enter the root password. I DON'T KNOW! You mean you don't know your root password?

    (10 minutes later)

    Mom, you should NOT use the dog's name as the password. Because it is insecure! Never mind. Just type "make install". There. Now it is installed.

    No, there is no icon, you have to type the name of program to run it. Type it. What? I don't know, what was the name of the binary after you compiled it? A binary file is a program you run. You compiled it when you typed "make". Hmm, let's look in the Makefile. Type "vi Makefile". What do you mean it is blank? Oh, wait. Use capital M. Type ":r Makefile" with a capital M.

    OK, now you are in vi, the most powerful editor ever. WHAT DO YOU MEAN YOU PREFER EMACS!!!!

    --

    My beliefs do not require that you agree with them.

  9. Re:Windows has problemss... by gotw · Score: 4, Funny

    Linux is *not* user friendly, and until it is linux will stay with >1% marketshare.

    I was hoping linux would keep its marketshare above 1% anyway.