Slashdot Mirror


40 Windows Apps Said To Contain Critical Bug

CWmike writes "About 40 different Windows applications contain a critical flaw that can be used by attackers to hijack PCs and infect them with malware, says HD Moore, chief security officer at Rapid7 and creator of the open-source Metasploit penetration-testing toolkit. Gregg Keizer reports that the bug was patched by Apple in its iTunes software for Windows four months ago, but remains in more than three dozen other Windows programs. Moore did not reveal the names of the vulnerable applications or their makers, however. Each affected program will have to be patched separately. Moore first hinted at the widespread bug in a message on Twitter on Wednesday. 'The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell,' he tweeted, then linked to an advisory published by Acros, a Slovenian security firm."

4 of 158 comments

  1. Re:I Wish I Had the Luxury of Worrying About This. by 0123456 · Score: 0, Flamebait

    Just because a patch was issued doesn't mean every single system was patched and that there won't be countless people still running a vulnerable version.

    So now the distro just has to install a malicious trojan on their system and they're doomed. Because if the distro developers are malicious, that would be so much easier than just installing a trojan that runs as root.

    I honestly don't see why people can't understand the huge difference between requiring malicious software to be installed on your PC by a software updater that _already runs as root and can change any file on the system_ and requiring you to open a malicious Word document.

    Sure, maybe Joe Sixpack is dumb enough to install a random 'Naked Chicks Screensaver' that exploits a Linux bug, but the vast majority of people only install software from their Linux distro, which they have little choice but to trust.

  2. Re:I Wish I Had the Luxury of Worrying About This. by 0123456 · Score: 1, Flamebait

    I honestly don't see why you seem to think that the XOrg vulnerability has something to do with your software updater, rather than being one where any GUI app run by any user can run anything as root.

    Sigh.

    Which part of 'the only way the average Linux user is going to be running malicious software is if their distro ships it to them' is proving so hard for Windows users to understand?

  3. And I care about this why? by bradbury · Score: 0, Flamebait

    Oh, wait, I forgot, there is not a Slashdot/Gmail filter that falls under the heading of "I'm still stupid enough to run Windows being the case in point of a virus ridden insecure operating system because it isn't open sourced."

    Google has managed to get it right. Only show people news (or advertisements) with significant relevance to the viewer. I'm sorry, I've used Unix since 1974, and although there was a brief period of time when I engaged with Windows in the mid-to-late '90s, I'm now back with Linux.

    What was it that Forrest once said... Stupid is as stupid does.

    Please report on whether the vulnerabilities might perhaps impact programs typically run under Linux. I run almost entirely open source but that does not mean that could be immune to exploits. Simply means we can resolve them much faster.

  4. Well you don't have by Ilgaz · Score: 0, Flamebait

    One day, something will hit Windows real bad that it will affect anyone, Linux users or even Z/OS using banks.

    That junk is running on 95% of machines connected to the Internet. If I wasn't lazy, I would give a far more impressive real number, e.g. billions.

    I remember not being able to do anything meaningful on the Internet because of some Windows worm while I was using OS X on Apple G5.