Slashdot Mirror


Microsoft Has No Plans To Patch New Flaw

Trailrunner7 writes "Microsoft has acknowledged the vulnerability that the new malware Stuxnet uses to launch itself with .lnk files, but said it has no plans to patch the flaw right now. The company said the flaw affects most current versions of Windows, including Vista, Server 2008 and Windows 7 32- and 64-bit. Meanwhile, the digital certificate belonging to Realtek Semiconductor that was used to sign a pair of drivers for the new Stuxnet rootkit has been revoked by VeriSign. The certificate was revoked Friday, several days after news broke about the existence of the new malware and the troubling existence of the signed drivers."

12 of 217 comments

  1. Re:Source? by jwilhelm · · Score: 1, Troll
  2. Re:Source? by jwilhelm · · Score: 0, Troll

    Here's a statement from the MSRC (Microsoft Security Response Center) blog:
    http://blogs.technet.com/b/msrc/archive/2010/07/16/security-advisory-2286198-released.aspx

  3. Re:Source? by jwilhelm · · Score: 0, Troll

    I never said they were fixing it or not fixing it. The original comment was about a lack of primary source material being linked to. I was providing statements by Microsoft for additional information.

  4. Re:Possible mitigation? by Anonymous Coward · · Score: 0, Troll

    drsmithy,

    If you don't already know, it's simply due to willful ignorance.

  5. Re:Possible mitigation? by cynyr · · Score: 1, Troll

    lack of a *.lnk based root kit, the ability to audit the source, the lack of ability to run 99% of the viruses in the wild.[1]

    Can you run any version of windows from something like a ramdisk, so there is no real way to write to the disk? how about the old, start the system up, shut it down, but leave iptables running router hack? A highly transparent bug/flaw reporting system, with a quick turn around?

    If you hear of a mac mini pro, let me know. :)

    [1]yes yes, all strawmen, but the issue for me is the last version of windows I used was XP. So I'm out of date.

    --
    All of the above was encrypted with a Quad ROT-13 method. Unauthorized decryption is in violation of the DMCA.
  6. Re:Possible mitigation? by GNUALMAFUERTE · · Score: 0, Troll

    Would you stop that free market bullshit?

    Companies should be regulated, and the implied warranties should be extended, to cover more things for certain products.

    A lot of people made a huge fuss regarding that laptop app for face tracking that didn't work for blacks because it was "discriminatory" but every day hardware and software is sold that discriminates against users of non-microsoft operating systems, yet no one gives a fuck.

    --
    WTF am I doing replying to an AC at 5 A.M on a Friday night?
  7. Re:Possible mitigation? by GNUALMAFUERTE · · Score: 0, Troll

    Oh yes, sure, the fact that 1 billion computers around the world use windows surely proves that windows works fine. Especially considering that 99.5% of all email around the world is spam coming precisely from all those zombie windows boxes.

    Also, signed drivers and drivers that are checked by the hardware itself are a different thing.

    You are ignorant, and your argument is invalid.

    --
    WTF am I doing replying to an AC at 5 A.M on a Friday night?
  8. Re:Possible mitigation? by Saeed+al-Sahaf · · Score: 1, Troll

    Would you stop that free market bullshit?

    It's ***NOT*** "free market bullshit". It's ***YOU*** taking control of your purchasing and buying products that work for you, rather than bitching, moaning, and complaining about Microsoft. If you ***LIKE*** to bitch, moan, and complain, I imagine that you are married or getting a divorce. But most people AVOID bitching, moaning, and complaining. So buy stuff that works for you and leave the rest behind. UNLESS you are like RMS, and just like to BITCH MOAN AND COMPLAIN about Microsoft.

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
  9. Re:Possible mitigation? by hairyfeet · · Score: 0, Troll

    Hate to break the news to you GNU dude, but as a PC repairman I can say that it doesn't matter WHAT OS is used when the underlying problem is PEBKAC. So unless you are ready to hand over 95%+ of your income in taxes to pay for the education in computers for those hundreds of millions of PEBKACs (and nobody gives a fuck if you say RTFM dude, this is reality where shit costs) then tough luck. Linux is no more a "magic bullet" than anything else, or did you miss the malware spread through GNOME Look awhile back?

    The simple fact is there is a REASON why Windows has 90%+ of the desktops, and it is a reason I doubt FLOSS will ever fix: highly specialized apps. While just running Firefox and OO.o may work for you, there are literally millions of highly specialized apps from parts tracking to medical note taking where there are NO FLOSS equivalents which would cost billions to pay to have someone replicate the functionality of (and thanks to software patents may be illegal to replicate anyway) and when you figure in the amount of hardware that would have to be tossed because of no FLOSS drivers (plenty of highly specialized parts like C&C controllers are also Windows only) and the billions in retraining and the higher cost of Linux admins (if any are even available) you often find that "Free as in freedom" will cost the company much more than Windows licenses ever will.

    So you can complain about Windows zombies all you want, working in the shop you'd be surprised how many of those are from "must see teh titties!" guys that would click on ANYTHING, but neither Linux nor BSD nor anything else is a "magic bullet" that will make PEBKAC disappear. And as we have seen "educate the users" doesn't exactly work, or we wouldn't still have 419 scams after all these years. So sorry GNU dude, but stupid is as stupid does, and if you switched the majority of PEBKACs to GNU tomorrow by the day after there would be so many "Hot_bitches.sh" files going through emails it would make your head swim. So just get on your knees and thank RMS that the PEBKACs are on Windows, and pray they stay there.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  10. Gotta love all the handwaving... by Anonymous Coward · · Score: 0, Troll

    Gotta love all the handwaving by the paid M$ astroturfing fanbois in here pointing that the summary is "false" because M$ "may" fix the flaw "in the future" (from TFA).

    Hey, paid M$ astroturfing fanbois: we are talking about taking control of PCs equipped with Windows by exploiting a flaw in the friggin' way .lnk are implemented.

    Dot frakkin' lnk files. Don't forget how amazingly secure your love-OS is, we're talking about .lnk files this time.

  11. Re:Possible mitigation? by ozmanjusri · · Score: 0, Troll
    what do you call Windows Update?

    Are you kidding?

    --
    "I've got more toys than Teruhisa Kitahara."
  12. Re:Possible mitigation? by GNUALMAFUERTE · · Score: 0, Troll

    We don't want you to switch. I filter out SPAM, and I don't have to deal with windows ever, so the fact that you are using windows doesn't affect me in the least. You want to switch with no effort on your side? fuck off. Stay on windows for all I care.

    I've helped switch a lot of people because they wanted to, and they put a great effort on their side. I don't care about the popularity of Free Software. We have enough developers already, and more than enough users. We are an alternative. If you want to join us, great. If you don't, we don't care.

    --
    WTF am I doing replying to an AC at 5 A.M on a Friday night?