Yet Another Malicious Microsoft Image Exploit


Jeez, Microsoft:

‘Computer security experts were grappling with the threat of a new weakness in Microsoft
s Windows operating system that could put hundreds of millions of PCs at risk of infection by spyware or viruses.

The news marks the latest security setback for Microsoft, the world
s biggest software company, whose Windows operating system is a favourite target for hackers.

The potential [security threat] is huge,
said Mikko Hypp
nen, chief research officer at F-Secure, an antivirus company.
It
s probably bigger than for any other vulnerability we
ve seen. Any version of Windows is vulnerable right now.

The vulnerabilty appears to be yet another exploit involving running malicious codes through images. Didn’t you guys just supposedly fix this?

(Update: Nicholas Weaver posted a link in our Comments section directing us to instruction to an unofficial patch, along with the portent: “It really is that serious.” Microsoft’s patch? Due on January 10th.)

Comments

Edit Your Comment

  1. The Unicorn says:

    I don’t know if this is in any way related (since it was already in pretty dire straits), but my computer was just run into the ground by sypware & viruses I somehow picked up from a lyrics site.

    Norton couldn’t zap the viruses & AdAware couldn’t zap the spyware — and to top it off, one of these bugs immediately shut down any browser (Explorer or Firefox) that attempted an internet connection.

    All of this is a pretty steep price to pay for the lyrics to “Laffy Taffy.” And if I can blame Microsoft for it, then I’m gonna.

  2. nweaver says:

    INSTALL the unofficial patch. NOW

    http://isc.sans.org/diary.php?storyid=994

    It really is that serious. Its worse than previous vulnerabilities because there are so many ways to exploit it.