New Zero-Day Vulnerability In Windows

Zonk posted more than 7 years ago | from the worst-day-of-the-week dept.

Jimmy T writes "Microsoft and Secunia are warning about the discovery of a new 'Zero-day' vulnerability affecting all Microsoft based operating systems except Windows 2003. Both companies state that the vulnerability is currently being exploited by malicious websites. One attack vector is through Internet Explorer 6/7 — so be aware where you surf to."

231 comments

sigh. (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16721729)

It's "beware of where you surf." It doesn't need a "to" on the end.

GO BACK TO ENGLISH CLASS, HOMO (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16721887)

You know who cares? No-fucking-body.

Next time you feel like pointing out how brilliant you are, don't.

Re:GO BACK TO ENGLISH CLASS, HOMO (0)

Anonymous Coward | more than 7 years ago | (#16722011)

I'd say that I sense a logic gap but that might be "pointing out how brilliant" I am and I'd hate to upset the sour apples.

Re:GO BACK TO ENGLISH CLASS, HOMO (0)

Anonymous Coward | more than 7 years ago | (#16722137)

Just let it go. No one cares. Except me. I hate having to read it. So I replied. Now I need to figure out some where else to go ... to.

Re:sigh. (2, Funny)

uhlume (597871) | more than 7 years ago | (#16722025)

You're right. This is the sort of English up with which we should not put.

Re:sigh. (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16722029)

Jesus, who really gives a shit?

Re:sigh. (1)

jrobinson5 (974354) | more than 7 years ago | (#16722031)

What the summary doesn't state is that more important than "where you surf to" is "what you surf with". As the summary states, this vulnerability only covers IE.

Just curious (2, Insightful)

realmolo (574068) | more than 7 years ago | (#16721731)

Seems there is always a new "zero day" exploit for Windows. Most times, the exploit can be activated simply by visiting a webpage that has been crafted to take advantage of it.

Does anyone actually know anyone that has been affected by any of these exploits? Seems to me that the odds of actually visiting a site that "runs" the exploit is incredibly low.

Re:Just curious (2, Insightful)

Opportunist (166417) | more than 7 years ago | (#16721791)

The odds depend entirely on you.

The attack vector is a link to the bogus page. Now, how do you get a link to a user and make him click? Usually this is done either by email (click here for big boobs or fat cash) or on a webpage (same).

In the meantime, you can also have it on a banner, where the one wanting to infect you buys ad space on a ... let's say less prestigious page of our beloved web. Usually also pages that promise big boobs, fat cash or free software.

Well, technically, you get free software...

Re:Just curious (1)

this great guy (922511) | more than 7 years ago | (#16721849)

The odds also depend on time. Because as with every vulnerability, it only gets worse over time: more bad guys become aware of how to exploit it, methods of exploitation become more reliable, etc.

Re:Just curious (1)

todd10k (889348) | more than 7 years ago | (#16722061)

"(click here for big boobs or fat cash)" Shouldn't that be "click here for fat boobs and big cash"?

Re:Just curious (2, Funny)

whitehatlurker (867714) | more than 7 years ago | (#16722087)

I've been clicking on your link for big boobs, and nothing is happening. What's going on here?

The best solution (1)

BeeBeard (999187) | more than 7 years ago | (#16721955)

...is also the most impractical. What you do is just never network the Windows box in the first place. No internet, no intranet--nothing. If you use Windows exclusively, then this isn't really an option. You're going to want to get online eventually. But if you're double booting and running Windows for rendering applications, non-multiplayer games, office suites or whatever else that doesn't require connectivity, then you'll be fine.

Re:The best solution (1)

AusIV (950840) | more than 7 years ago | (#16722301)

You are severely exaggerating. I'm no windows fan, in fact I highly encourage my friends and family to try Ubuntu, and use it on one of my computers. My laptop runs Windows because there are a few apps I like having. When I have the time I'll set up a dual boot, but for now I use Windows XP.

The computer I had before my current laptop got incredibly bogged down with viruses that entered the system through a variety of means. Eventually I found it to be unusable, and switched it to Linux. My laptop, however, has been running XP for a year and a half and I have never had a problem with viruses. For a year I ran Norton Internet Security Suite, then got fed up with it and switched to Computer Associate's derivative of Zone Alarm. A large part of this time, it has been exposed directly to the internet with no form of hardware firewall in between. The software I use most of the time is Firefox, Gaim, OpenOffice.org, an ancient DOS app for managing my checkbook, iTunes for my iPod (though I've recently started using my iPod with Amarok on my Linux box instead), and I've played a few multi-player online games. Let me reiterate that I have never had a problem with viruses. I don't like having to pay $25-50 a year for an anti-virus and firewall, and I certainly wouldn't touch IE with a ten foot stick (I've recently started referring to IE as the Firefox download utility), but it is possible to maintain a windows system without having it affected by viruses.

Re:Just curious (1)

BillTheKatt (537517) | more than 7 years ago | (#16722077)

A lot of sites use third-party advertisers, you never know what those advertisers will do. I was just infected 2 days ago with a rootkit, Goldun or something like that. This is on a fully patched XP SP2, IE7 and Symantec 10.0 system. Symantec said it caught it, but apparently didn't. Took a few tools to get that out and I didn't have a lot of reason to suspect something, since Symantec said it blocked it. I was wondering how that had gotten through the "secure" IE7. My guess is this. Now I'm back to surfing errr... "questionable" sites with Firefox.

Re:Just curious (0)

Anonymous Coward | more than 7 years ago | (#16722429)

The solution is to stop using IE altogether, genius. How many rootkits do you need to get this through your thick skull? There is no thing as surfing questionable or not questionable sites. All sites should be considered questionable.

All it takes is one "not questionable" site to be hacked, one unexpected link that you click before you think, one shady advertiser who decides to use a fancy new 0-day exploit. Is it really worth your time? Especially since you already have and use Firefox.

Re:Just curious (1)

Foofoobar (318279) | more than 7 years ago | (#16722079)

I've known people to get attacked via this method. Unscrupulous advertising companies have used it to install spyware on several occasions. Usually the link comes via spam.

Re:Just curious (1)

Rosyna (80334) | more than 7 years ago | (#16722507)

I've known people to get attacked via this method. Unscrupulous advertising companies have used it to install spyware on several occasions.

Often times people will exploit it via normal advertisers, or find some exploit on some other software used by a website (the myspace flash exploit) or they'll find an exploit in some software the webserver uses such as phpBB, some dashboard software/configuration manager, or some other easily exploited piece of a webserver (as seen in the WMF exploit). They use one exploit to pass on another. It's really quite ingenious how some of these malware writers pile on exploits.

Re:Just curious (1)

cheater512 (783349) | more than 7 years ago | (#16722093)

Would you know that you were infected by an exploit if you went to a specially crafted page?

You'd probably put the spyware down to something else.

Re:Just curious (0)

Anonymous Coward | more than 7 years ago | (#16722125)

Does anyone actually know anyone that has been affected by any of these exploits?


That you don't know such incidents or can't detect such attacks, doesn't mean they're rare.

Hack a reputable established webpage (0)

Anonymous Coward | more than 7 years ago | (#16722313)

A trick now seems to find a reputable well-established site which gets a reasonable number of hits. Not a massive site belonging to some big company but something reasonable anyway. Hack it and then when people visit the webpage they get hacked. How do I know? Because it happened to me.

Exploits (1)

Mark_MF-WN (678030) | more than 7 years ago | (#16722331)

Well, the idea is that you combine the code with a worm that can infect webservers. That way, lots of webpages will have the code, and the odds of an unprotected Windows machine being infected increase rather substantially.

Re:Just curious (1)

ThinkFr33ly (902481) | more than 7 years ago | (#16722525)

It's not as low as you might think. All it takes is somebody to insert exploit code into a banner advertisement on a major online ad network and sites that you trust all of a sudden become malicious.

Hey, Linux weenies! (0)

Anonymous Coward | more than 7 years ago | (#16721733)

Re:Hey, Linux weenies! (0)

Anonymous Coward | more than 7 years ago | (#16721805)

As greater numbers of people willing to switch to linux, that is willing to learn, struggle, change software if necessary, actually make the switch the rate of switching will decrease. I would hardly say the linux market is at saturation, but that isn't even the topic of this article. As a sexy nerd-girl once said, "Once you go linux, you never go Mac."

Re:Hey, Linux weenies! (1)

Dunbal (464142) | more than 7 years ago | (#16721949)

As a sexy nerd-girl once said,

      Lay off the caffeine, dog. Now you're seeing things. There ain't no such thing as a sexy nerd girl. There are plenty of sexy girls (directly proportional to the amount of beer you've had), and there are some nerd girls. But sexy nerd girls? No way, unless you are really wasted.

Re:Hey, Linux weenies! (1)

MichaelSmith (789609) | more than 7 years ago | (#16722047)

But sexy nerd girls? No way, unless you are really wasted.

It's funny because the other week I was waiting at the supermarket checkout behind three of the ugliest women I have seen in a long time. Not offensive, just not ... very ... attractive.

Their credit card transaction was going through. One of them appeared to be entranced by the flickering lights of the network gear embedded behind the register. She turned to one of her friends and said I think the hourly transfer is about to run...ah there it is.

Geeks! And supermarket IT geeks at that.

Re:Hey, Linux weenies! (1)

jaredmauch (633928) | more than 7 years ago | (#16722151)

Since *BSD is dying and there are no good looking geek women, last chance to view BSD vs Linux [xs4all.nl] .

Re:Hey, Linux weenies! (0)

Anonymous Coward | more than 7 years ago | (#16722267)

Since *BSD is dying and there are no good looking geek women, last chance to view BSD vs Linux.

I'm so confused. All I remember is clicking on some link about BSD, then I muttered "Sweet Jesus", after that everything gets kinda fuzzy, but when I woke up all my machines were running FreeBSD.

Mac geek girls (0)

Anonymous Coward | more than 7 years ago | (#16722237)

But sexy nerd girls? No way, unless you are really wasted.
You've never met [imageshack.us] a Mac [atspace.com] geek girl [imageshack.us] .

Re:Mac geek girls (1)

Dunbal (464142) | more than 7 years ago | (#16722563)

You've never met a Mac geek girl.

      You can keep them. Perhaps I'm spoiled, since I live in latin america. Oiga, las mujeres down here are, well, guapissimas :)

Re:Hey, Linux weenies! (0)

Anonymous Coward | more than 7 years ago | (#16722373)

"There ain't no such thing as a sexy nerd girl."

nerd n. 1. [mainstream slang] Pejorative applied to anyone with an
      above-average IQ and few gifts at small talk and ordinary social
      rituals.

Sorry, I beg to differ with you. I have met quite a few nerd hotties in the valley. And as an example, Jeri Ellsworth is one hell of a hacker (geek, nerd, etc) and she is easy on the eyes http://images.google.com/images?hl=en&q=Jeri+Ellsworth&btnG=Search+Images [google.com]

Re:Hey, Linux weenies! (1)

Dunbal (464142) | more than 7 years ago | (#16722557)

Jeri Ellsworth

      Like the romans said, you can't argue taste. Ewww. As far as I'm concerned, my point stands. But then again I must concede that yes, at least she LOOKS female.

Linux - Ubuntu (1)

h2g2bob (948006) | more than 7 years ago | (#16722083)

another interesing graph [google.com]

Linux searches become Ubuntu searches.

LOL (0)

Anonymous Coward | more than 7 years ago | (#16721809)

the gayer the city, the more people search for Macs

Protection (-1, Troll)

Anonymous Coward | more than 7 years ago | (#16721907)

It looks like gays know better how to protect their computers from viruses than their selves.

Re:LOL (1)

filterchild (834960) | more than 7 years ago | (#16722259)

Some of us gays prefer to stick with Linux, thanks.

Re:LOL (0)

Anonymous Coward | more than 7 years ago | (#16722305)

It's because of that OH SO SEXY man that plays the Macs on the Apple ads.

gay? (0)

Anonymous Coward | more than 7 years ago | (#16722433)

Because straight guys prefer getting exploited and "pwnd"? Are you familiar with the robot saying "Does not compute"?

Re:Hey, Linux weenies! (0)

Anonymous Coward | more than 7 years ago | (#16722195)

Say what? [google.com]

My first first post! (0, Offtopic)

BrowserCapsGuy (872795) | more than 7 years ago | (#16721735)

Yippie.

Re:My first first post! (1)

BrowserCapsGuy (872795) | more than 7 years ago | (#16721747)

Damn you, realmolo.

Re:My first first post! (0)

Anonymous Coward | more than 7 years ago | (#16721859)

Fool. AC got the FP, you fail even worse. go cry in a corner.

Darn (2, Funny)

blantonl (784786) | more than 7 years ago | (#16721741)

I've been looking at porn all night.. it is Saturday you know!.... jeeze.. I better start scanning my machine now (or stop looking at porn) .... (or reload my machine).

Re:Darn (0)

Anonymous Coward | more than 7 years ago | (#16722001)

(or stop looking at porn)
Get a hold of yourself man, you're talking crazy.

"Trusted" Websites (2, Insightful)

TheStonepedo (885845) | more than 7 years ago | (#16721773)

For all of the shortcomings of IE, Microsoft does attempt to cover its ass to some degree. There are settings in IE which decide which goodies (javascript, (un)signed activex controls, etc.) can be run from which websites. When installing Server 2003, just about everything is out-of-bounds in the default IE. If Microsoft would advocate such tight controls by default on all Windows distributions, or even publish its own list of trusted 3rd-party sites, risks could be reduced. The malicious folks who take advantage of zero day exploits tend to be in the seedier parts of the tubes anyway.

Re:"Trusted" Websites (2, Insightful)

0racle (667029) | more than 7 years ago | (#16721803)

And if MS published such a whitelist so many of Slashdot's readers would get up in arms about leveraging their monopoly and various other terms they don't really understand. That said, it really isn't Microsoft's place or duty to police the internet and say what is and is not safe.

Re:"Trusted" Websites (1)

Opportunist (166417) | more than 7 years ago | (#16721831)

It's also not their duty to tell me what content I can watch and which one I cannot...

Re:"Trusted" Websites (1)

GIL_Dude (850471) | more than 7 years ago | (#16721901)

That's true, but so is the statement that "it isn't their duty to take the trash out for you.", however I don't see your point. If you are trying to send a barb at DRM, it doesn't tell you what you can watch and what you can't. It limits how you can watch it and might make you buy it again to shift format (which sucks and all that - I am against DRM). However, you really aren't making a point by saying they are telling you what you can and can't watch - that is what the government and FCC do.

Re:"Trusted" Websites (1)

springbox (853816) | more than 7 years ago | (#16722533)

These sorts of problems seem to happen frequently with IE. Making a default white list to add to "trusted sites" is just a band aid. Microsoft could solve the problem by fixing the holes in the browser that let such exploits through. If IE7 is any indication though, I'd be surprised if MS was interested in actually fixing it at this point.

The fix's already available (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#16721807)

Here! [debian.org]

Re:The fix's already available (1)

Opportunist (166417) | more than 7 years ago | (#16721841)

Let the distro war begin!

Just gimme enough time to grab the popcorn.

That "fix" breaks everything (1)

The_Abortionist (930834) | more than 7 years ago | (#16721883)

In terms of usability, Linux ranks between Windows 3.1 and Windows 95.

In terms of stability, Linux ranks between Windows NT and Windows 2000.

Why would people want to use something that doesn't do anything they want?

Seriously, Is Firefox susceptible to this too? (1)

pentalive (449155) | more than 7 years ago | (#16721839)

Or is it only via IE.

What other ways can this exploit be triggered?

Re:Seriously, Is Firefox susceptible to this too? (1)

Shados (741919) | more than 7 years ago | (#16721875)

It's the forever plague of the ActiveX vulnerabilities (though semi-indirectly in this case). So Firefox is safe. Anything that uses XMLHTTP control in a way that it could get arbitrary inputs is vulnerable. In other words, Internet Explorer, anything that uses MSHTML straight to connect to random web sites (it's safe if it's only trusted web sites), so that includes Outlook, etc. That's about it. But that's too much for my taste.

Re:Seriously, Is Firefox susceptible to this too? (1)

1337Garda (1011059) | more than 7 years ago | (#16721933)

So, am I right in saying that IE7, the new browser that was supposed to be really secure and reliable has now got its second major security flaw since its release only a matter of weeks ago?

Re:Seriously, Is Firefox susceptible to this too? (5, Informative)

Shados (741919) | more than 7 years ago | (#16722023)

Yes and no. This flaw is specific to XMLHTTP, which is kind of developed independently. You also can use XMLHTTP without using IE at all, that's why I say it's independent. It's probably a buffer overflow, and not much to do about it in this case. So yes IE7 has a flaw, but there really isn't anything they could do in the current context. -HOWEVER-, while IE7 is more secure than IE6 in a million ways, the WinXP version is nothing but a shadow of the real thing. The sandboxed IE7 is on Vista only, and I'm pretty damn sure this vulnerability is not an issue there. Anyway, so it's more semantic here, but you could say "yes, IE7 has a vulnerability". However, it's a little bit like if there was a vulnerability in KDELIB across the board...obviously that would touch Konqueror, no matter how secure Konqueror itself is... Can't excuse that one though. IE7 on XP is far, far from secure. More secure, but not secure.

Re:Seriously, Is Firefox susceptible to this too? (2, Informative)

uhlume (597871) | more than 7 years ago | (#16722127)

Only by virtue of Microsoft's attempt to provide backward compatibility for AJAX sites developed for older versions of IE.

Prior to IE7, the XMLHTTP object, used to retrieve data from external sources without full-page reloads, was provided by an external ActiveX control. With IE7, Microsoft has implemented XMLHTTP natively in-browser, rendering the ActiveX control unnecessary -- however, it's still possible for older sites which haven't yet been rewritten to take advantage of native XMLHTTP support to load the ActiveX version.

The good news is, if you don't mind breaking the many AJAX-reliant sites which still use the old-style XMLHTTP object, you can disable it completely through IE7's (and IE6SP2's) Add-on management.
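The native-versus-ActiveX split described in the comment above, as an added example that is not part of the original thread: a page that asks for the native XMLHttpRequest first keeps working when a visitor disables the legacy control. The `env` parameter, the fake transport classes and the sample environments are constructed for illustration; `Msxml2.XMLHTTP` and `Microsoft.XMLHTTP` are the usual legacy ProgIDs.

```javascript
// Added example. `env` stands in for the browser's window object so the
// selection logic can be exercised outside a browser.
var LEGACY_PROGIDS = ["Msxml2.XMLHTTP", "Microsoft.XMLHTTP"];

// Pick a request transport: native object first, ActiveX only as a fallback.
function createXhr(env) {
  env = env || (typeof window !== "undefined" ? window : {});
  if (env.XMLHttpRequest) {
    return { transport: "native", xhr: new env.XMLHttpRequest() };
  }
  if (env.ActiveXObject) {
    for (var i = 0; i < LEGACY_PROGIDS.length; i++) {
      try {
        return {
          transport: "activex:" + LEGACY_PROGIDS[i],
          xhr: new env.ActiveXObject(LEGACY_PROGIDS[i])
        };
      } catch (e) {
        // Control disabled or not installed: try the next ProgID.
      }
    }
  }
  return { transport: "none", xhr: null };
}

// Fetch a page fragment, or tell the caller to fall back to a normal
// full-page load when no transport is available.
function getText(env, url, onText, onNoTransport) {
  var picked = createXhr(env);
  if (!picked.xhr) {
    onNoTransport(url);
    return picked.transport;
  }
  var xhr = picked.xhr;
  xhr.open("GET", url, true);
  xhr.onreadystatechange = function () {
    if (xhr.readyState === 4 && xhr.status === 200) {
      onText(xhr.responseText);
    }
  };
  xhr.send(null);
  return picked.transport;
}

// ---- Constructed stand-ins for browser objects (not real browser code) ----
function FakeXhr() {
  this.readyState = 0;
  this.status = 0;
  this.responseText = "";
}
FakeXhr.prototype.open = function (method, url) {
  this.url = url;
  this.readyState = 1;
};
FakeXhr.prototype.send = function () {
  this.readyState = 4;
  this.status = 200;
  this.responseText = "fragment for " + this.url;
  if (this.onreadystatechange) this.onreadystatechange();
};

// ActiveX constructor as seen when the control is disabled via add-on management.
function BlockedActiveX(progId) {
  throw new Error("control disabled: " + progId);
}
// ActiveX constructor as seen when the legacy control is still enabled.
function WorkingActiveX(progId) {
  return new FakeXhr();
}

var SAMPLE_ENVS = {
  ie7ControlDisabled: { XMLHttpRequest: FakeXhr, ActiveXObject: BlockedActiveX },
  ie6ControlEnabled: { ActiveXObject: WorkingActiveX },
  ie6ControlDisabled: { ActiveXObject: BlockedActiveX }
};

// Report which transport each sample environment ends up with.
function describeEnvironments() {
  var out = {};
  for (var name in SAMPLE_ENVS) {
    out[name] = createXhr(SAMPLE_ENVS[name]).transport;
  }
  return out;
}
```

Only the environment with neither a native object nor a working control reaches the `onNoTransport` path, which is where a site would fall back to ordinary page loads.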

Oh good... (0, Troll)

Duncan3 (10537) | more than 7 years ago | (#16721867)

"all Microsoft based operating systems except Windows 2003"

Glad nobody I know is vulnerable to this. Everyone is OSX, Linux, or Win2003 for a long time now.

Re:Oh good... (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#16721905)

You probably don't know enough people then.

Re:Oh good... (1)

Shados (741919) | more than 7 years ago | (#16721945)

It's sad when you think that Windows 2003 is a better desktop OS than Windows XP...a bit pricey for a desktop, too =P

Re:Oh good... (1)

Duncan3 (10537) | more than 7 years ago | (#16722091)

It is when you can run as non-admin and have it mean something.

3 years and zero virii, trojans, etc on any of the Win machines.

Re:Oh good... (1)

Shados (741919) | more than 7 years ago | (#16722129)

That probably comes with good usage more than just the OS though. I've run NT4, 2k, and XP for about 9 years over (I think that's right?), and didn't get even as much as a spyware on any of those, without any permanent scanners (I scan like once every 6 months or so). But the whole running in non-admin and mean something thing does sound cool.

Re:Oh good... (0)

Anonymous Coward | more than 7 years ago | (#16722075)

Your lack of friends does not change the percentage of people that use Windows.

OpenBSD! (0)

Anonymous Coward | more than 7 years ago | (#16721869)

Actually, after I got tired of calling Microsoft to activate my XP on 2 different machines a zillion times I just grabbed my Win2k Pro CD and slipstreamed it to SP4, after which I used the CD to set myself up some images for QEMU and I disallow w2k to do anything except SSH and FTP to the host (Linux) machine.

Need to try this on OpenBSD too.

Running Windows with its gonads hanging out the window is asking for trouble.

If I did not have some expen$ive proprietary software that I need to use, I'd not touch the leper. :)

A Web "browser" - implies "just looking" (1, Funny)

NotQuiteReal (608241) | more than 7 years ago | (#16721897)

What is so hard about the concept of a program that can go out to the Internet, look at what is there and renders it for me. WITH NO WAY TO CHANGE ANYTHING ON MY COMPUTER.

Is that so much to ask for, of ANY browser?

Re:A Web "browser" - implies "just looking" (1)

The Lone Man (1017800) | more than 7 years ago | (#16721937)

I'm going to go away and laugh now.

Re:A Web "browser" - implies "just looking" (1)

TheRaven64 (641858) | more than 7 years ago | (#16722067)

Well, you could always run a browser in a virtual machine and not allow it to save state. Alternatively, it is quite easy to write a systrace policy that prevents writing to any files that are not in the cache directory (and optionally a downloads directory), and doesn't permit it to read any files other than its dependent libraries.

Re:A Web "browser" - implies "just looking" (1)

cheater512 (783349) | more than 7 years ago | (#16722143)

Or you could just remove the execute bit from the cache dir.

Oh wait. Wrong OS. Your screwed. :)

Your vs You're (3, Funny)

idonthack (883680) | more than 7 years ago | (#16722185)

Your screwed.
What about my screwed?

Douche vs. bag (0)

Anonymous Coward | more than 7 years ago | (#16722413)

Imagine that - a post that's not informative, funny, ironic or in any way meaningful. Is this all that YOU'RE contribution to /. consists of? Sad.

Re:A Web "browser" - implies "just looking" (1)

dreamer-of-rules (794070) | more than 7 years ago | (#16722453)

Well, you could always run a browser in a virtual machine and not allow it to save state.

Not that you were implying otherwise, but...

It's bloody difficult to do that with the Windows Internet Explorer (explorer.exe) because it is also:
-- the File Manager
-- the Start Menu and Start Bar
-- the Desktop
-- embedded in CA Anti-Virus, Veritas, and Quickbooks and many other business apps

If you go into the Advanced options you can choose to run each instance in a different process, but that's not the default.

Stupid! Stupid! Stupid, Microsoft!

Re:A Web "browser" - implies "just looking" (0)

Anonymous Coward | more than 7 years ago | (#16722513)

Actually, in windows xp, internet explorer is iexplorer.exe, whereas explorer.exe is everything else.

Re:A Web "browser" - implies "just looking" (1)

daveb (4522) | more than 7 years ago | (#16722565)

You haven't used a virtual machine have you? Go download VMWare or virtual-pc (slower but invades your system less than vmware - and the full thing is free from microsoft). You will find that there's an option to delete changes on exit. It's not hard - just a tad over the top

Re:A Web "browser" - implies "just looking" (0)

Anonymous Coward | more than 7 years ago | (#16722105)

It's going to be hard to build, parse, and render a DOM without modifying the contents of your RAM.

Re:A Web "browser" - implies "just looking" (1)

anomalous cohort (704239) | more than 7 years ago | (#16722487)

program ... go out to the Internet ... no way to change anything on my computer

I guess that you don't see any value in bookmarking or in caching for performance.

Actually, there is something close to what you are describing. It is called a Linux live CD with firefox on it such as knoppix.

Doesn't affect windows 2003 (0)

Anonymous Coward | more than 7 years ago | (#16721903)

That's cool. This is my pirate version of choice for the desktop.
Isn't even affected by WGA.

Niiice.

In Soviet Russia (1, Funny)

alphasubzero949 (945598) | more than 7 years ago | (#16721973)

Windows exploits you!

Re:In Soviet Russia (0)

Anonymous Coward | more than 7 years ago | (#16722307)

I thought that was true everywhere.

Request (0)

Anonymous Coward | more than 7 years ago | (#16721983)

Can anyone reply with the HTML code that this vulnerability can exploit for me?... ...

Why are you looking at me that way?

Hello my name is Microsoft... (1)

alnjmshntr (625401) | more than 7 years ago | (#16722027)

and I write buggy software. I am by no means a MS basher, but the security advisory that they have put out reads like an endless stream of lame excuses.

It may very well be that stupid users or badly configured systems allow these exploits to thrive but FFS Microsoft just admit that you are actually at least partially to blame.

As long as they fail to realise that they are not gods and do actually write buggy software, what hope is there that they will ever succeed in producing something secure?

Oh No! (1)

dreamlax (981973) | more than 7 years ago | (#16722103)

Someone set up us the exploit!

Re:Oh No! (0)

Anonymous Coward | more than 7 years ago | (#16722263)

What you say!!

"Zero day" (0, Redundant)

Stormwave0 (799614) | more than 7 years ago | (#16722173)

Whatever happened to the days of when exploits were just called exploits? Now, everyone has to add zero day just to make it sound scary. Does anyone really care?

I, for one, am sick of the "zero day" exploits. Call them exploits, because that's what they are.

And before anyone brings it up, yes I am aware that zero day means the exploit was released the day the vulnerability was announced/discovered. That still doesn't change my opinion.

Re:"Zero day" (0)

Anonymous Coward | more than 7 years ago | (#16722425)

Okay, so "zero day exploit" is passe. Then let's change the name for this, punch it up a little and perhaps bring it more into line with the planned Vista license...

"Dear Microsoft Customer,

Recently, we detected an Unauthorized license violation, where someone other than the licensed user was using the software. As you know, this violates the terms of use as outlined in the License Agreement..."

Then they can brick the machine, requiring either purchasing a new copy of Windows or a new license, or, better yet, make an example of the culprit and bring suit against them.

Beats having to fix it!

That's what they get (2, Funny)

jrmiller84 (927224) | more than 7 years ago | (#16722175)

Internet Explorer 6/7
Well that's what they get for not updating and running Internet Explorer 6/7! It's not even version 1.0!

Now for some real news (1)

davidwr (791652) | more than 7 years ago | (#16722281)

You want news? Now this would be news:

REDMOND - NOV 23, 2006
Microsoft is proud to announce that for the second day in a row, no 0-day exploits were discovered in its flagship Microsoft Operating System.

careful (1)

WisC (963341) | more than 7 years ago | (#16722299)

Before the linux freaks start foaming at the mouth (and knob) about another windows vulnerability, let's get things in perspective:

Most people will try and be pragmatic about a given situation and accept the lesser of two evils, in this case windows. Before you all jump on this if I asked you which language would you rather speak English (not the perfect language, but the majority of people understands and use it like windows) or Latin (Archaic, long winded, difficult to understand and only outcasts of humanity and people living in the past use it, like linux) ...Yep thought so, don't worry linux users, you can always lick up the mess from those foaming knobs

Re:careful (0)

Anonymous Coward | more than 7 years ago | (#16722345)

You're a dumbass. Mandarin is spoken by twice as many people as English. Just because you can't talk to them, doesn't mean they don't exist.

Re:careful (1)

WisC (963341) | more than 7 years ago | (#16722541)

You red commie pinko, its people like you who speak mandarin and buy cheap chinese tvs from walwart that will ensure the rising and enslavement of the west by the commies

Payload (1)

oh_the_humanity (883420) | more than 7 years ago | (#16722303)

Is this just a vulnerability, or is there an exploit for it in the wild? If so, what is the payload? I use a mac, so I'm not concerned for me, just the network I manage.

Re:Payload (1)

dreamer-of-rules (794070) | more than 7 years ago | (#16722405)

First, the term "Zero Day" [wikipedia.org] means that there is an exploit already.

Second, If you had clicked on either link in the article, or bothered to read the other replies, before clicking the "Reply" link, typing in your questions, and clicking Submit, you would have discovered that an exploit does exist, and the result is "arbitrary code with the same rights as the user". Vulnerability and prevention details are in said articles.

Third, I also use a Mac and manage a Windows network. And I am restraining myself when I say, "Argh! You..!"

Oh neato (1)

racebit (959234) | more than 7 years ago | (#16722349)

Cool, a new zero day exploit for win9x/nt

In other news, it is being reported that the sun rose this morning. Tape at eleven.

Warning warning danager danger! (0, Flamebait)

Orion Blastar (457579) | more than 7 years ago | (#16722497)

The Internet is not safe if you use Windows and IE 6/7. Please Do NOT click any links [uncyclopedia.org] until these issues are fixed. If you do, you might get pwn3d [uncyclopedia.org] by 12 year-old script-kiddies or unemployed computer geeks turned hackers that still live with their mothers in the basement and are upset at the world.

Does not affect Vista (1)

ThinkFr33ly (902481) | more than 7 years ago | (#16722501)

This flaw does not affect Vista users thanks to IE 7's Protected Mode [microsoft.com] feature.

Every Microsoft Operating System? (0)

Anonymous Coward | more than 7 years ago | (#16722519)

Holy crap! Time to look for patches for my DOS 2.1 and Xenix systems!

Or, you know, look for accurate reporting. Either one, really.