Author Topic: Exploit for "Zero-Day" Vulnerability Detected by Microsoft  (Read 42023 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #75 on: April 11, 2007, 07:05:45 PM »
Hi bob3160,

But this is even worse, the patches that weren't there or the so-called outstanding vulnerabilities, and there is a critical amongst 'em:
http://isc.sans.org/diary.html?storyid=1940&dshield=f4ef5d5410c17a922b1089efa3a7914c

How do you view this?

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #76 on: April 12, 2007, 10:42:11 PM »
Quote
IT organizations are being urged to deploy a patch for a bug affecting how Microsoft Windows handles animated cursors as spammers step up their efforts to exploit the flaw—this time with a promise of lewd pictures of celebrity hotel heiress Paris Hilton.

Quote
"Although organizations appear to be getting better, we still see exploits for vulnerabilities long after the patches have been released," Hubbard said. "As an example we see approximately 10-15 percent exploitation success on vulnerabilities that have been patched for 6 months-plus still."

 :o

http://www.eweek.com/article2/0,1895,2113470,00.asp
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog

avatar2005

  • Guest
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #77 on: April 12, 2007, 10:55:45 PM »
Oh! & what we should do now. MS is continuing the fight with their "holes", but the costumers are still vulnerable to "ANI" ??? :o :-\ :'(

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #78 on: April 12, 2007, 11:15:08 PM »
Oh! & what we should do now. MS is continuing the fight with their "holes", but the costumers are still vulnerable to "ANI" ??? :o :-\ :'(
It's been patched.... Did you do the update???
All this article states is that even though the patch has been issued, it's still in use and still effective
because people don't update their systems.
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #79 on: April 12, 2007, 11:37:31 PM »
Hi bob3160,

But you did not see my link further up the thread or did not read the info there. There are some long(er) outstanding holes in Microsoft code for which there are no patches in sight. That is even worse like a zero-day that will be patched, but a hole for which there is no cure in siight is a security risk.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #80 on: April 13, 2007, 12:14:41 AM »
Hi bob3160,

But you did not see my link further up the thread or did not read the info there. There are some long(er) outstanding holes in Microsoft code for which there are no patches in sight. That is even worse like a zero-day that will be patched, but a hole for which there is no cure in siight is a security risk.

polonus
I saw and read your post Damien.  :)
Didn't answer it because we already know that MS only seems to act when it becomes an actual threat.  >:(
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

avatar2005

  • Guest
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #81 on: April 13, 2007, 08:42:17 AM »
Hi Bob!
Indeed, that's why IMHO, the behavior of Microsoft in this situation is a huge problem ;(

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #82 on: April 13, 2007, 09:10:27 AM »
Hi avatar2005,

One of the problems here is backward compatibility and M$ rather putting their own solutions on top as a way to steer away from competition (making their own standards prevail, or own them) or running other standards into the ground. Some of the problems mentioned are unavoidable, and just come with software and coders, because humans are fallible beings...etc)
But for some of its problems M$ has to blame themelves in their continuing drive to uphold their monopolies (their flip flop on Sun java for instance, while developers begged to come around another way: http://news.com.com/2100-1001-203541.html ). As this is not likely to change in the foreseeable, we're in for more surprise..

polonus
« Last Edit: April 13, 2007, 09:21:09 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

avatar2005

  • Guest
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #83 on: April 13, 2007, 07:13:01 PM »
I meant that ??? ??? ???

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48523
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: Exploit for "Zero-Day" Vulnerability Detected by Microsoft
« Reply #84 on: April 14, 2007, 01:34:49 AM »
Quote
But for some of its problems M$ has to blame themelves in their continuing drive to uphold their monopolies
polonus,
If it where your product and your bread and butter wouldn't you ???
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet