New Critical Bug In All Current Windows Versions

Trailrunner7 writes "Microsoft is warning its users about a dangerous flaw in the way that Windows handles certain MHTML operations, which could allow an attacker to run code on vulnerable machines. The bug affects all of the current versions of Windows, from XP up through Windows 7 and Windows Server 2008. Microsoft issued an advisory about the MHTML vulnerability, which has been discussed among security researchers in recent days. There is some exploit code available for the bug, as well. In addition to the advisory, Microsoft has released a FixIt tool, which helps mitigate attacks against the vulnerability in Windows."

Knowledge Base containing Fixit Link

[Nuisance]

Would be nice to have seen these in the article...

http://support.microsoft.com/kb/2501696

Re:Which versions

[PatPending]

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 1 and Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems**
Windows Server 2008 R2 for Itanium-based Systems
Source: http://www.microsoft.com/technet/security/advisory/2501696.mspx
Appears to apply only to Internet Explorer

Re:Investing

[Culture20]

Assuming you're using the javascripty version of Discussion2
Take a look at your process list. Your browser is eating at least one of your cores. open a few more /. windows. Feel the burn. My single core machine was dying with just one window open. I had to go back to Discussion1 and flag /. with noscript. http://slashdot.org/users.pl?op=editcomm

Re:uhh

[hairyfeet]

Hi MR AC! If you would have read TFA or even TFS (I know I know, but I got bored) you would see they provide a link to The MSFT "fix it for me" page for this problem. Just click on "fix it for me" run the fix it, and that's it. Don't even need a reboot.

I'm sending the link to my customers and family now, and since it makes a restore point before applying it is easy to undo if you need to, although with previous "fix it for me" tweaks that I've run the MSFT patch released later took care of the fix it tweak before applying the patch.

So I don't really see why you or anyone would complain about this one. They have a quick fix that is so simple your grandma can run it, and released the fix quickly to tide people over until they have worked up a patch. I don't see how they could have done any better on this, as a full patch will take time to test and rightfully so as you wouldn't want MSFT releasing patches that break apps and/or drivers and cause more pain than the bug would you? This is easy, simple to apply, and painless to deploy. I don't see how you can get better and the guy that came up with the "fix it for me" program really deserves a raise and company car, as it really has made these fast released workarounds painless for home users..

Re:Investing

[Mr.+DOS]

Sorry, but the 10 mod points is because you've been singled out (check the question “Why do I have 10 moderator points instead of the usual 5?” under Comments and Moderation), not because of the new design.