Slashdot Mirror

← Back to Stories (view on slashdot.org)

40 Windows Apps Said To Contain Critical Bug

Posted by timothy on from the and-the-other-ones-are-worse dept.

CWmike writes "About 40 different Windows applications contain a critical flaw that can be used by attackers to hijack PCs and infect them with malware, says HD Moore, chief security officer at Rapid7 and creator of the open-source Metasploit penetration-testing toolkit. Gregg Keizer reports that the bug was patched by Apple in its iTunes software for Windows four months ago, but remains in more than three dozen other Windows programs. Moore did not reveal the names of the vulnerable applications or their makers, however. Each affected program will have to be patched separately. Moore first hinted at the widespread bug in a message on Twitter on Wednesday. 'The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell,' he tweeted, then linked to an advisory published by Acros, a Slovenian security firm."

4 of 158 comments (clear)

  1. Really? by Anonymous Coward · · Score: 5, Funny

    Just 40?

  2. So little detail... by broken_chaos · · Score: 5, Insightful

    So there are forty unknown applications with an unknown flaw that results in code execution. This sounds like it includes web browsers (given the references to 'viewing a web page' in the article), but it doesn't specify which. It also doesn't specify what sort of file(s) (except in the case of iTunes -- a 'media file') are affected.

    So what're we supposed to do? There's no detail here, not even cursory detail, on what filetypes or applications to avoid. I'm fine with no details on the innermost workings of this exploit being widely disseminated, but why announce it with such fanfare if there's not even a way to avoid exposing yourself (i.e., listing these supposed '40 applications')?

  3. Re:I Wish I Had the Luxury of Worrying About This. by 0123456 · · Score: 5, Interesting

    Then worry about this:

    Yeah, I'm far more worried about a _fixed_ exploit that requires I install a malicious GUI app than an active exploit that just requires I open a malicious Word document.

  4. He tweeted... by MrMe · · Score: 5, Funny

    'The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell,'

    That sounds really bad!

    'The cat is out of the bag, this issue affects about 40 different apps, including the Windows shell,' he tweeted

    Oh, doesn't seem so bad now...