Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Confirms Zero-Day Hours After Exploit

Posted by CmdrTaco on from the that's-sum-sploit dept.

CWmike writes "Microsoft confirmed on Tuesday an unpatched vulnerability in Windows just hours after a hacking toolkit published an exploit for the bug. A patch is under construction, but Microsoft does not plan to issue an emergency update to fix the flaw. The bug was first discussed Dec. 15 at a South Korean security conference, but got more attention Tuesday when the open-source Metasploit penetration tool posted an exploit module crafted by researcher Joshua Drake. Metasploit says successful attacks are capable of compromising victimized PCs, then introducing malware to the machines to pillage them for information or enlist them in a criminal botnet."

1 of 53 comments (clear)

  1. Re:Non-Affected Software by hairyfeet · · Score: 3, Insightful

    Or maybe, just maybe, it could be because the bug is in the graphics rendering subsystem which had been changed and tweaked a lot for Win 7, and is therefor unaffected. Do you have ANY idea how many apps call upon the Windows graphics subsystems? And we are also talking about WinXP here, aka "hey lets all run as admin" which means apps can REALLY hook into the graphics subsystem and when the patch tweaks that?

    Don't forget that the big selling point of Windows is its backwards compatibility which means when you are gonna patch it damned well better be tested! Can you imagine the royal shitfits if everyone came to work on Wednesday after Patch Tuesday and found their PS Pro, Photoshop, Picasa, and many of the other apps that use graphics went tits up? Hell the support lines would be hit so hard it would be a miracle if the lines didn't melt.

    So don't blame on malice what can easily be explained by just requiring a shitload of work. imagine YOU were tasked to fix a graphics subsystem in 10 year old code that the original designers have done skipped off to greener pastures? Where if you don't patch it just right you can break thousands of third party app s that you have NO control over but which your customers depend on? man I wouldn't want that job, no way in hell. I bet those guys have ulcers and are bald by 30 just from the stress.

    --
    ACs don't waste your time replying, your posts are never seen by me.