Slashdot Mirror

← Back to Stories (view on slashdot.org)

Oops! Missed One Fix — Windows Attacks Under Way

Posted by timothy on from the don't-blame-microsoft-alone dept.

CWmike writes "Microsoft says attackers are now exploiting a critical Windows bug that it didn't get around to fixing in its biggest batch of security patches in more than five years, issued yesterday. Microsoft said that 'limited and targeted' attacks are in progress by hackers exploiting an unpatched vulnerability in the WordPad Text Converter, a tool included with all versions of Windows. If Microsoft patches the WordPad problem on its monthly schedule, the first opportunity for fixing the flaw would be Jan. 9, 2009." Update: 12/10 22:28 GMT by T : OK, there might have been more than one: reader Simon (S2) writes "There is an even more serious flaw ... From SANS: 'There is a 0-day exploit for Internet Explorer circulating in the wild. At this point in time it does not appear to be wildly used, but as the code is publicly available we can expect that this will happen very soon. This is a brand new exploit that is *not* patched with MS08-073 that was released yesterday. I can confirm that the exploit works in a fully patched Windows XP machine. The exploit is a typical heap overflow that appears to be exploiting something in the XML parser.'"

5 of 292 comments (clear)

  1. Re:I don't understand by Anonymous Coward · · Score: 0, Flamebait

    a common joke here on /.

    Yea, the only humor used more is lame sarcasm

  2. Re:I don't understand by Ilgaz · · Score: 1, Flamebait

    The real question is, how come Apple TextEdit.app which is there for years doesn't get such issue and MS Wordpad gets it? Or Kate? Gedit? I think it is the thing which confuses people.

  3. Re:OMG! RLY? How will the human Race Survive?!?!?1 by freddy_dreddy · · Score: 0, Flamebait

    Replace OpenOffice with utter crap, dillhole.

    Wrote my thesis on it. OpenOffice is truly the king of all that sucks.

    --
    "Violence is the last refuge of the competent, and, generally, the first refuge of the incompetent" - Thing_1
  4. When are you fucking morons in the IT industry by Master+of+Transhuman · · Score: 0, Flamebait

    ...going to stop coding fucking buffer overflows and assorted other common software flaws? It's fucking 2009. Why is this shit still happening? Even on Linux I get several security bug patches a week.

    And now after Windows XP has been out for HOW FUCKING LONG, Microsoft gets to issue TWENTY-EIGHT fucking fixes in one month - and at that, manages to miss one or two more?

    Fucking pathetic.

    You programmers better go back to school and start figuring out how to write code that doesn't fucking suck!

    --
    Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  5. Re:I don't understand by wolferz · · Score: 0, Flamebait

    "I HATE the way Microsoft's evangelists have switched to this "Blame the user" mentality to try shift attention from their failures. It's hypocritical, dishonest, and most of all, it allows them to sit on their laurels and continue serving up variations of the same stale OS they've been facelifting for the past 15 years."

    uhm... ok... I agree that it's ridiculous to blame the users. I also agree that this does happen among the less experienced Windows stalwarts. But the majority of knowledgeable computer techies admit that Windows has problems when it comes to usability. And no, building your own computer or writing your own program does not make you knowledgeable in this context, especially considering these tasks are often outsourced to be preformed by people who don't even have a high school level education.

    Don't try to claim this is a MS only problem. In the hands of a novice a Linux computer is only more secure than a windows machine for two reasons: 1. a compromised user account doesn't compromise the entire system and 2. there are fewer "hackers" targeting Linux.

    Most of the damage that happens to Linux systems is from users who didn't know what they were doing and screwed crap up. The same thing can be said about Windows. But if you take security related problems out of the equation and limit the scope to problems like deleting important files and stuff like that Linux gets a lot more of that. In fact, without the security issues on Windows, Linux has more problems over all than Windows.

    Look, they both have problems. Nether one is inherently better than the others. I use both every day and like both of them. I just get really tired of the Linux Fanboys running around hissing "M.SSSSS. issss eeevviiilllll" every chance they get. Especially when, in my experience, most of Windows' problems are a result of its popularity (not MS's mistakes) while most of Linux's (and open source in general) problems are a result of bad design choices by its developers.

    And yes, it is obvious that you're a Linux Fanboy. The unmitigated Anti-MS Rhetoric you're spewing gives it away.