Patches Released for Critical Security Issues for Microsoft Windows

Status
Not open for further replies.

jhansonxi

Distinguished
May 11, 2007
1,262
0
19,280
0
These two statements seem conflicting:
"Microsoft claims that it had discovered the flaw itself, rather than through a security firm or by monitoring ‘chatter’ on hacker websites."

"The problem is already being exploited in the wild and can allow attackers to gain full control of a computer."

So Microsoft "discovers" a flaw all by itself and releases a surprise patch while there are "exploits in the wild". Do the exploiters work on the Windows developer team or did they get advanced info through MSDN?

"Microsoft also added that the windows firewall CAN be used to block such an attack."
In other words it doesn't have any effect on the exploit by default.
 

HaZ

Distinguished
Jun 9, 2004
179
0
18,680
0
[citation][nom]jhansonxi[/nom]These two statements seem conflicting:"Microsoft claims that it had discovered the flaw itself, rather than through a security firm or by monitoring ‘chatter’ on hacker websites.""The problem is already being exploited in the wild and can allow attackers to gain full control of a computer."So Microsoft "discovers" a flaw all by itself and releases a surprise patch while there are "exploits in the wild". Do the exploiters work on the Windows developer team or did they get advanced info through MSDN?"Microsoft also added that the windows firewall CAN be used to block such an attack."In other words it doesn't have any effect on the exploit by default.[/citation]

Pretty Naive response - just because one person finds something, doesn't mean nobody else is allowed to find the same thing.

It could be that Microsoft discovered it, then also discovered that it was already being exploited. Maybe not exploited on a grand scale yet though.

And yes Captain obvious, the firewall is no good by default, but who DIDN'T know this already?
 

one-shot

Distinguished
Jan 13, 2006
1,369
0
19,310
8
I was actually told about this a few days ago. A friend's aunt, who is a programmer said that some attacks are going to come in the next few weeks. Then I read this article, Sounds real, but my pc is updated and anti virus is good so I should be alright.
 

jhansonxi

Distinguished
May 11, 2007
1,262
0
19,280
0
[citation][nom]kami3k[/nom][/citation]Not necessarily true. It depends on the method of the hack. If they're targeting your PC specifically then you are correct. But most exploits are mass attacks usually delivered by malware of some sort. If a particular malware is discovered by the anti-virus developers, and a detection pattern is written, and the pattern is published as a definition update for the anti-virus version one-shot uses, and one-shot updates the anti-virus with the new definitions, then the protection is effective for that exploit-containing malware. Of course, that's a lot of ifs and one-shot might be an "early adopter" of the malware or encounter a different malware.

The Windows firewall could be updated to block the exploit but I suspect it probably breaks some other Windows functionality that relies on the RPCs.
 

0mg_1ts_m3

Distinguished
Sep 29, 2008
148
0
18,680
0
this little fix might help, but it's completely retarded. it fucked up sony vegas on me so i had to call sony and waste my day trying to find out how to reactivate it. windows is a piece of shit. and so is microsoft.
 

Zorg

Splendid
May 31, 2004
6,732
0
25,790
1
Sony bites the big one as well, they were probably equally if not completely at fault. The problem was probably related to one of their rootkit DRM schemes, or some other equally invasive garbage.
 

neiroatopelcc

Distinguished
Oct 3, 2006
3,079
0
20,810
9
[citation][nom]0mg_1ts_m3[/nom]this little fix might help, but it's completely retarded. it fucked up sony vegas on me so i had to call sony and waste my day trying to find out how to reactivate it. windows is a piece of shit. and so is microsoft.[/citation]
Then replace windows with something else? If you don't like it, don't use it. Same goes for anything. Microsoft didn't promise you that an update won't break 3rd party software compatibility when you bought Windows.
 

Zorg

Splendid
May 31, 2004
6,732
0
25,790
1
Yeah, and Sony didn't promise that they wouldn't screw you any way that they possibly could.

I do agree with you and I haven't given Sony a dime for anything in a long time. I hope they go belly up.
 

bounty

Distinguished
Mar 23, 2006
389
0
18,780
0
"Microsoft claims that it had discovered the flaw itself"

Microsoft discovering the flaw:
"Hey look, I've discovered that someone took over Bill's computer. We better post a patch before securityfocus.com posts a detailed write up and exploit code."
 
G

Guest

Guest
It's like how Christopher Columbus discovered a country that had people already living there.
Apparently, not being popular enough to have someone tell you about important things and finding out on your own years later is better than knowing and doing something about it in a timely manner.
 
Status
Not open for further replies.

ASK THE COMMUNITY