Public Exploit For Windows JPEG Bug

Khoo writes "A sample program hit the Internet on Wednesday, showing by example how malicious coders could compromise Windows computers by using a flaw in the handling of a widespread graphics format by Microsoft's software. Security professionals expect the release of the program to herald a new round of attacks by viruses and Trojan horses incorporating the code to circumvent security on Windows computers that have not been updated. The flaw, in the way Microsoft's software processes JPEG graphics, could allow a program to take control of a victim's computer when the user opens a JPEG file." We mentioned this earlier.

Morons

[Pan+T.+Hose]

This bug exists in most Microsoft Software. So for someone to patch they can't simply connect to Windows Update and consider themselves safe, they also have to patch Office, Visual Studio, some Microsoft Games, Server Software (misc, not covered by Update) and more.

Haven't they discovered the advantages of shared objects and dynamic linking yet? On my box I have literally hundreds of programs which were vulnerable to PNG exploits. All I did was write "apt-get upgrade" and forget about it to have them all patched at once after downloading a single 100kB package. When a similar vulnerability is found in Microsoft code everyone screams bloody murded, CNET writes about it, Slashdot writes about it, there is film at eleven and worms start to wreak havoc for years because, as you said, it is "hard to patch." But no, it is Linux that is somehow "not ready for the desktop."