Microsoft fixes critical Windows flaw
Microsoft has released its November security updates, fixing a critical Windows bug that has been exploited by online criminals. Microsoft released just two security updates this month, but security experts say that IT staff will want to install both of them as quickly as possible. The MS07-061 update is particularly critical because the flaw it repairs has been seen in Web-based attack code, said Amol Sarwate, manager of Qualys’s vulnerability research lab. “This was a zero day [flaw] that was being used in the wild by hackers,” he said.
The flaw has to do with the way Windows passes data between applications, using a technology called the URI (Uniform Resource Identifier) protocol handler. This is the part of Windows that allows users to launch applications — an e-mail or instant messaging client, for example — by clicking on a Web link. Because Windows does not perform all of the security checks necessary, hackers found ways to sneak unauthorized commands into these Web links and the flaw could be exploited to install unauthorized software on a victim’s PC. Microsoft’s patch for this problem is rated critical for Windows XP and Windows Server 2003 users, but the bug does not affect Windows 2000 or Vista, Microsoft said. Better update than be angry when someone hacks your computer…
Source: PC WorldÂ
windows hacked….never!
:O good thing i’m running win95! i’m not affected
I felt the hack. Had to reboot yesterday. Comp restarted as soon as i logged on :/ Im cured now
great to have ya back #4
haha good thing im still running dos im never hacked!!!! and never affected and plagued by these updates!
Thank you to all the security experts, hackers and Microsoft for identifying, testing and patching these vulnerabilities for free, making my operating system ever so safe.
good thing i wasn’t hacked…i’d have to open a can of whoop-ass!
At times, I do wonder if all these critical updates which are not needed for the newest OS really exist?
And how long yook them to fix this issue? I bet at least 2-3 months. again.
oh yea… i got a virtual postcard that was off some random spammer that linked to a webpage with the code mentioned, i used ff and the script blocker plugin to get the code.. ive been playing with it ever since, its quite usefull lol
Are you telling me I have to make ANOTHER build of the customXP disk I just burnt? You sons of satan!
The only thing worse than microsoft’s buggy software is stupid spammers like #12 mark
An idea … for articles like this one, relating to MS fixes and such, it might be good to add a link to, or mention of, the various means of getting MS updates without using windowsupdate. There are various sites and apps that can do this for you and some of the users here might appreciate that. No, I’m not talking about cracked WGA or anything like that, merely the sites that supply all the fixes and updates on their own servers, so you can completely circumvent MS.
It was a zero-day bug… for XP and 03! How have they not noticed this sooner!?
So, knowing that you are a helpful guy/girl..who really knows..
what might be the name of the programs or sites that let you circumvent MS tramp?
http://windowsupdate.62nds.com/
IMHO there is still a critical flaw.
No one has executed Bill, Steve, and the developers yet.
Maybe Santa will bomb Redmond for Christmas?
You know when windows tuesday’s monthly fixes come around I am usually looking at 5 or 6 security fixes. What do winxp users get instead? 1 damn patch for this problem with drm bug that shipped with windows 6 years ago. WOW!! Way to help out the users.. out of all the problems with windows they give us 1 patch for some useless drm problem.
@15 - A very useful site, better then windows update and faster also.
I can’t use windows expolorer for some reason after I nlited my OS. I will have to figure out what I did wrong, but it has to do with the slipstreaming of the latest 7.0 release that removes the wga.
This POC demonstrates this vulnerability:
http:%xx../../../../../../../../../../../windows/system32/calc.exe”.bat
mailto:test% ../../../../windows/system32/calc.exe”.cmd
so this is the update that waited till i was sleeping and in the middle of downloading a 4 gig file!!! which off course with all windows updates it forces your computer to restart!!!! so when i woke up i was greeted with a restarted computer and an incomplete download…
Microsoft need to get rid of the forced restart with its updates!
@19
LOL DUDE turn off automatic updates, change it to notify only or such
after getting the security update now my utorrent doesnt work properly. wtf