(no subject)

Sep. 28th, 2004 01:40 am
kuangning: (disaffected)
[personal profile] kuangning
Btw, folks, in case the news has missed you, there's yet another Windows vulnerability that's quickly being exploited. This one involves many Microsoft programs that handle JPEG image files -- which include, of course, the ever-lovable IE and Outlook. If you're running MS products, you should check here for a list of affected software and links to their patches. Note that you're going to need to run a patch separately for each piece of vulnerable software on your machine.

(And no, you're not perfectly safe if you use Firefox and don't use Outlook. If there's a real difference between Windows Explorer and IE, I haven't seen it -- try typing a URL into a Windows Explorer window sometime and see what happens. If you have on your machine MS products that show images, this bulletin's for you.)
  • Current Mood: awake
  • Current Music: Bush - Come Down (Priomh Radio)
Flat | Top-Level Comments Only

Date: 2004-09-27 11:12 pm (UTC)
From: [identity profile] rbos.livejournal.com
I tested exploit code on Firefox a while back under Windows on both 2k and XP; no effect. I don't think it uses the Windows rendering library. Do you have a source for this?

Date: 2004-09-28 10:22 am (UTC)
kuangning: (Default)
From: [personal profile] kuangning
The link given (http://www.microsoft.com/technet/security/bulletin/ms04-028.mspx) is Microsoft's own security bulletin. Further information on the way the vulnerability's already being exploited is here and here as well. Note that if you've grabbed the jpeg with Firefox or something non-vulnerable but then attempt to click on it with an unpatched version of Windows, the effect is the same.

Date: 2004-09-28 08:39 am (UTC)
From: [identity profile] salinn.livejournal.com
I knew there was a reason I used Win 98. Although some of the work computers might have to be checked out...

Date: 2004-09-28 10:23 am (UTC)
kuangning: (Default)
From: [personal profile] kuangning
Be sure to look up your version of IE and any Office products you're running as well as your operating system -- they have to be patched separately.

Date: 2004-09-28 12:37 pm (UTC)
From: [identity profile] salinn.livejournal.com
okay, I went to windows update and they told me there was one new critical update, something that sensed whether I had these .NET things and other products that might use this entryway into my system, it said that I did not. But this is my work computer, I haven't tried it at home yet. Does windows update catch this?

Date: 2004-09-28 01:03 pm (UTC)
kuangning: (Default)
From: [personal profile] kuangning
I'm not sure, since I didn't use Windows update -- I went and downloaded patches separately from the bulletin page. I think all the windows update does is tell you what .Net things you're running, and then bring you back so you can get the patches for the ones you have.
Flat | Top-Level Comments Only

Profile

kuangning: (Default)
kuangning
Fractalierre

September 2015

S M T W T F S
  12345
6789101112
13141516171819
2021 2223242526
27282930   

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Apr. 10th, 2026 03:45 pm
Powered by Dreamwidth Studios