Slashdot Mirror

← Back to Stories (view on slashdot.org)

40 Windows Apps Said To Contain Critical Bug

Posted by timothy on from the and-the-other-ones-are-worse dept.

CWmike writes "About 40 different Windows applications contain a critical flaw that can be used by attackers to hijack PCs and infect them with malware, says HD Moore, chief security officer at Rapid7 and creator of the open-source Metasploit penetration-testing toolkit. Gregg Keizer reports that the bug was patched by Apple in its iTunes software for Windows four months ago, but remains in more than three dozen other Windows programs. Moore did not reveal the names of the vulnerable applications or their makers, however. Each affected program will have to be patched separately. Moore first hinted at the widespread bug in a message on Twitter on Wednesday. 'The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell,' he tweeted, then linked to an advisory published by Acros, a Slovenian security firm."

7 of 158 comments (clear)

  1. The Parrot says it best. by Anonymous Coward · · Score: 4, Funny

    http://www.youtube.com/watch?v=wxlhyX-4qKI

  2. Really? by Anonymous Coward · · Score: 5, Funny

    Just 40?

  3. So little detail... by broken_chaos · · Score: 5, Insightful

    So there are forty unknown applications with an unknown flaw that results in code execution. This sounds like it includes web browsers (given the references to 'viewing a web page' in the article), but it doesn't specify which. It also doesn't specify what sort of file(s) (except in the case of iTunes -- a 'media file') are affected.

    So what're we supposed to do? There's no detail here, not even cursory detail, on what filetypes or applications to avoid. I'm fine with no details on the innermost workings of this exploit being widely disseminated, but why announce it with such fanfare if there's not even a way to avoid exposing yourself (i.e., listing these supposed '40 applications')?

  4. Re:I Wish I Had the Luxury of Worrying About This. by 0123456 · · Score: 5, Interesting

    Then worry about this:

    Yeah, I'm far more worried about a _fixed_ exploit that requires I install a malicious GUI app than an active exploit that just requires I open a malicious Word document.

  5. He tweeted... by MrMe · · Score: 5, Funny

    'The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell,'

    That sounds really bad!

    'The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell,' he tweeted

    Oh, doesn't seem so bad now...

  6. Re:Oh noes! by Ironhandx · · Score: 4, Insightful

    A lot of people need to learn the phrase : "Common sense is not so common".

  7. Shared Objects / Dynamically Linked Libraries by VGPowerlord · · Score: 4, Interesting

    I was under the impression that very few Windows applications were statically compiled... so why can't this just be updated in whatever shared object it uses again?

    I know he says

    There may be fixes that can be applied at the OS level, but these are likely to break existing applications.

    but what and why?

    --
    GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011