Slashdot Mirror


New Windows Vulnerability in Help System

wesleyt writes "CERT announced today a significant Microsoft Windows vulnerability related to IE and its handling of the Windows help subsystem. There are currently no patches available and no virus definitions for the major scanners. As well, exploits have been reported in the wild. Because the vulnerability is in the help subsystem, even users who avoid Outlook and IE are vulnerable, since IE is the default handler for help files. It seems that this is going to be an ugly one."

1 of 576 comments (clear)

  1. Re:Privilege level by ichimunki · · Score: 0, Redundant

    Yeah, one hour. Sure. I buy that. For most of us it will take an hour just to get an admin's attention, let alone get a good solid recovery done. Sure. One minute. That's believable, too!

    Thankfully for most work users in properly set up environments, most work is done on servers that are backed up well. So you might lose today's work, but probably not yesterday's, and you will be able to get us back on our digital feet.

    But I can see why you would be minimizing the cost of this kind of threat-- the more the network and its users need fixing, the more job security there is for admins, right? But for the rest of the company it's a serious loss of productive time and work. Most of the people who have to go through any sort of recovery experience will lose a whole day of time they would have rather spent doing something useful. And if this hits a whole work group that can be a real disaster.

    --
    I do not have a signature