Slashdot Mirror


Unofficial Patch For Windows URI Hole

dg2fer writes "For more than two months, the vulnerability of parsing URIs has been known for a number of Windows programs, including Outlook, Adobe Reader, IRC clients, and many more. Microsoft admitted the vulnerability only last week. The latest Microsoft patches published on October's Patch Tuesday did not include a solution, so hackers have taken on the problem themselves. One, KJK::Hyperion, has published (as open source) an unofficial patch that cleans up the critical parameters of URI system calls before calling the vulnerable Windows system function."

4 of 85 comments

  1. What is Microsoft's reason for silence? by jkrise · Score: 5, Interesting

    They have admitted belatedly that IE7 on XP is broken; and that it is a very serious threat to security. So what prevents them from releasing a patch right away?

    Is this vulnerability used / proposed to be used to make non-genuine Windows XP machines running IE7 unusable? Remember the unapproved, illegal stealth update that broke patching after a 'system restore'? Microsoft's continued silence is very intriguing.

    --
    If you keep throwing chairs, one day you'll break windows....
    1. Re:What is Microsoft's reason for silence? by jkrise · Score: 4, Interesting

      Millions of dollars in research takes time.

      But the problem is peculiar to IE7 and XP, NOT IE7 under Vista. This means that the billion dollar research has actually been completed, and that Vista includes the protection mechanism. Since IE7 was released after XP, it clearly indicates that this flaw has been on purpose; with some possible ulterior motive.

      Already, trust has been lost with the stealth update of XP; now with IE7 being forced as a Critical Patch despite the broken security model; the mistrust is complete.

      What Microsoft considers to be a critical patch is actually a crippling security hazard! How ironic!!

      --
      If you keep throwing chairs, one day you'll break windows....
  2. WHY? by MBHkewl · Score: 4, Interesting

    Why should ANYONE release a patch for Microsoft (regardless of their application)?
    You ARE a paying user, and you SHOULD get the "quality" service you deserve. Isn't that why the OS costs money?

    I applaud those who have taken action & even more released the code as open source; it only shows the good hearts of the open source community, but as others mentioned, you may break something, in this very unstable OS, and you'll be the ones to blame, rather than being thanked for saving the users' money, identity & privacy.

    --
    Mod points are a dangerous tool. Abuse them wisely.
  3. Re:Hole in the Patch for the Windows URI Hole by Frosty Piss · Score: 2, Interesting

    Hahhaaaha ha ha... Should you really be trusting patches from "unknown" sources? Come on!

    --
    If you want news from today, you have to come back tomorrow.