Microsoft Flip-Flops On URI Protocol Handing Flaw

← Back to Stories (view on slashdot.org)

Microsoft Flip-Flops On URI Protocol Handing Flaw

Posted by kdawson on Thursday October 11, 2007 @11:46AM from the so-it's-a-bug dept.

a-twitter writes "After months of insisting there is nothing to patch, Microsoft has done a complete 180 on the URI protocol handling vulnerability, announcing in a security advisory that a Windows update will be released to revise URI handling code within ShellExecute() to be more strict. The MSRC blog explains the background and offers more details on this issue."

1 of 126 comments (clear)

Min score:

Reason:

Sort:

Re:Firefox? by dedazo · 2007-10-11 15:08 · Score: 0, Flamebait

hi twitter. How's that karma doing? Had to fall back on the ol' sockpuppet, eh?
the problem happened if you installed IE7, not before.

And?
M$ has just admitted their mistaken way of dealing with urls in XP and 2003.

"M$" has modified the way it works, which does not mean it's "mistaken". And these are not URLs, they're URIs passed to registered moniker handlers. You don't even know what you're talking about, do you?
How is that Firefox again?

They registered a handler with the shell. If they hadn't done that, this wouldn't have happened, since IE7 apparently handles the same type of URIs correctly.
By the way, please don't insult my intelligence by posting retarded things like these as an AC. Be a man and take responsibility for what you say, or stop bitching about how the big bad ACs victimize you.

--
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo