Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Has No Plans To Patch New Flaw

Posted by timothy on from the who-uses-usb-drives-anyhow dept.

Trailrunner7 writes "Microsoft has acknowledged the vulnerability that the new malware Stuxnet uses to launch itself with .lnk files, but said it has no plans to patch the flaw right now. The company said the flaw affects most current versions of Windows, including Vista, Server 2008 and Windows 7 32- and 64-bit. Meanwhile, the digital certificate that belonging to Realtek Semiconductor that was used to sign a pair of drivers for the new Stuxnet rootkit has been revoked by VeriSign. The certificate was revoked Friday, several days after news broke about the existence of the new malware and the troubling existence of the signed drivers."

4 of 217 comments (clear)

  1. Possible mitigation? by Khyber · · Score: 4, Insightful

    Couldn't they just start making driver signatures verify with the hardware they support instead of the OS? Screw the OS saying whether or not it's legit, does the actual hardware it's meant for say it's legit code?

    --
    Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
  2. Source? by Arainach · · Score: 5, Insightful

    I know Slashdot's editorial standards have dropped, especially when it comes to Anti-Microsoft articles, but there is no link here to any article that claims Microsoft has no plans to patch the flaw. Do we even have editors anymore?

  3. Where did 'no plans to patch' come from? by mysidia · · Score: 4, Insightful

    The article doesn't say it, and at no time was Microsoft reported as saying there were no plans to patch this bug.

    Just because you are unaware of them reporting they will release a patch does not mean they have no plan to patch it.

    They have offered workarounds and appear to be treating this seriously.

    Just because it's the weekend and they haven't told you there will be a patch available monday DOES NOT mean they are ignoring or refusing to work on patching this.

  4. You just proved his point by Sycraft-fu · · Score: 4, Insightful

    See to secure against that, to truly secure against it, he'd have to lose all freedom. Children are soft targets, the only way to keep them secure from kidnapping is to have them under guard 24/7. Keep your kids in a locked compound with armed, trusted, guards and they could be secure (though even that could be overcome). If you want them to live a normal life, well there are risks.

    So your complete and total paranoia bullshit actually proves the GP's point: Getting too paranoid about security is stupid. In the real world, there's no such thing as perfect security. If you think there is you are lying only to yourself. As such you want to design your security for two things:

    1) Good enough to stop the attacks you are likely to face. You don't want to get all crazy and speculate on shit you aren't likely to see. You aren't guarding nuclear secrets, secure your house accordingly. Have it good enough, not stupidly overboard.

    2) Relaxed enough you don't screw over your life. Living in a continual state of locked down paranoia and denying yourself everything because of supposed risks is no way to live. You want your security so it doesn't harm your ability to enjoy a normal life.

    Also if you are dealing with someone deranged enough to try and stalk you to this degree, they needn't get in your computer to do it. You think you are safe? Not hardly. I hire a competent private investigator, they'll track you down, no breaking in to your computer needed.

    You either need to be way less dramatic, get a sense of perspective, or get professional help. Maybe all three.