Gizmos Freeware Reviews  

Old 05. Jan 2011, 12:31 AM   #1 (permalink)
Senior Member
 
Join Date: Nov 2009
Posts: 440
Default MS Security Advisory: Vulnerability in Graphics Rendering Engine

Here's a little New Year's gift from MS for almost everybody not on Win7:
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
There's a workaround (OS-dependent) but no set date for a fix:
Quote:
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Here's also an article by cnet.

Until the fix, common sense and precaution can keep you safe - not that one should dismiss them after the fix.
__________________
26Dolphins
26Dolphins is offline   Reply With Quote
Old 05. Jan 2011, 01:56 AM   #2 (permalink)
Senior Member
 
bo.elam's Avatar
 
Join Date: Nov 2009
Posts: 1,224
Default

Quote:
Originally Posted by 26Dolphins View Post
Here's a little New Year's gift from MS for almost everybody not on Win7:
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
There's a workaround (OS-dependent) but no set date for a fix:


Here's also an article by cnet.

Until the fix, common sense and precaution can keep you safe - not that one should dismiss them after the fix.
Thanks for the heads up. I think it'll be hard to get infected with this but you
never know. Like always, we need to be on alert for any attachments from
unknown senders.

Bo
bo.elam is offline   Reply With Quote
Old 05. Jan 2011, 05:25 AM   #3 (permalink)
Senior Member
 
eyeb's Avatar
 
Join Date: Sep 2010
Location: Planet X
Posts: 487
Default

:S almost sounds like crying wolf to get people to switch to win 7...

XP's been around for how long and this is just coming out?
eyeb is online now   Reply With Quote
Old 05. Jan 2011, 05:38 AM   #4 (permalink)
Foundation Editor
 
Ritho's Avatar
 
Join Date: Apr 2008
Location: Planet Earth
Posts: 1,391
Default

Quote:
Originally Posted by bo.elam View Post
Thanks for the heads up. I think it'll be hard to get infected with this but you
never know. Like always, we need to be on alert for any attachments from
unknown senders.

Bo
Why would it have to be from an unknown sender? People pass on stupid stuff all the time. A creative hacker could easily get people to pass it on.
__________________
The smallest good deed is better than the greatest intention.
Ritho is offline   Reply With Quote
Old 05. Jan 2011, 06:18 AM   #5 (permalink)
Editor
 
Concerned User's Avatar
 
Join Date: Apr 2010
Location: இந்தியா, सिन्धु, India
Posts: 324
Default

99.9% of the exploits require user interaction:

1. The user opens all attachments regardless of whether they are from family, friends or unknown people.

2. Visits all kinds of sites, including ones which tell him to install all sorts of plugins blah blah blah...

3. Microsoft never expected that XP would still be popular (it was released in 2001). They would love to see everyone move on to Windows 7. However, XP still continues to be popular.

Quote:
"To target this vulnerability, an attacker must convince a user to visit a specially crafted malicious Web page, or to open a malicious Word or PowerPoint file," Gunn added. "Furthermore, users whose accounts are configured to have fewer user rights on the system would be less affected by an attack than those running with administrative rights. The Advisory includes further mitigations and workarounds to protect our customers."
The above quote says it all: "pebkac" (Problem Exists Between Keyboard And Chair)
Concerned User is online now   Reply With Quote
Old 05. Jan 2011, 07:13 AM   #6 (permalink)
Senior Member
 
bo.elam's Avatar
 
Join Date: Nov 2009
Posts: 1,224
Default

Quote:
Originally Posted by Ritho View Post
Why would it have to be from an unknown sender? People pass on stupid stuff all the time. A creative hacker could easily get people to pass it on.
I use Outlook and sort emails differently than most people. I delete
mails, without being opened, of known senders that don't take precautions.
The mails I open are viewed in plain text but you're right, this can come
from anybody.

Bo
bo.elam is offline   Reply With Quote
Old 05. Jan 2011, 07:32 AM   #7 (permalink)
Site Manager
 
MidnightCowboy's Avatar
 
Join Date: Aug 2008
Location: South American Banana Republic, third bunch from the left
Posts: 9,250
Default

Quote:
Originally Posted by Concerned User View Post
99.9% of the exploits require user interaction:
This really says it all.

Even if it were possible to install all top ten antimalware programs on a computer together, the same users will still get infected because they don't follow a few simple rules while using it.

This isn't like some alien science that's difficult to learn. DNS filters (Clear Cloud/Comodo), site ratings (WOT), attachments, cr4cks, shared external media - these things are almost harder to do wrong than they are right.

For me, the most useful security tool would be one that used WOT to prevent sites rated other than green from even being displayed, let alone opened. With millions of green sites to choose from I've never seen anything in an orange or red rated one that sent my life into despair because I didn't go there. I say this because even on machines where I've recommended using WOT, users still scan the bad site entries and can't resist the tempting descriptions. They just can't get it into their heads that these things are designed that way for the very purpose of drawing you into whatever scam it is they are peddling this week. Yes, we all know of the occasional site where the rating has been falsely manipulated by a third party for malicious purposes but WOT have a system in place which enables web site owners to correct this, and it's only possible with sites that have a low traffic volume.
__________________
Knows nothing and cares even less
MidnightCowboy is online now   Reply With Quote
Old 05. Jan 2011, 03:59 PM   #8 (permalink)
Senior Member
 
Join Date: Nov 2009
Posts: 440
Default

Quote:
Originally Posted by eyeb View Post
:S almost sounds like crying wolf to get people to switch to win 7...

XP's been around for how long and this is just coming out?
Crossed my mind as well when I read the Advisory.

I think Concerned User is also right:
Quote:
Microsoft never expected that XP would still be popular (it was released in 2001). They would love to see everyone move on to Windows 7. However, XP still continues to be popular.
Quote:
"pebkac"
And that's a flaw not even the new and more secure Win7 can protect you from.
__________________
26Dolphins
26Dolphins is offline   Reply With Quote
Old 05. Jan 2011, 06:25 PM   #9 (permalink)
Senior Member
 
garth's Avatar
 
Join Date: Sep 2010
Location: Here.
Posts: 1,451
Default

Quote:
Originally Posted by Concerned User View Post
The above quote says it all: "pebkac" (Problem Exists Between Keyboard And Chair)
or "pebe"...Problem Exists Between Ears
garth is offline   Reply With Quote


All times are GMT +1. The time now is 10:14 AM.

