Jan. 22nd, 2010

thewayne: (Default)
From TFA: Microsoft confirmed it learned of the so-called “zero-day” flaw months ago.

According to Microsoft, “An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”


Linux and Mac have forced you to use Sudo to access low-level stuff for quite a while now, most Windows home users, prior to Vista, have been running as local admin, and were very vulnerable to this. Vista and Win7 made a lot of improvements in this area, but there are still far too many compromises possible.

http://www.wired.com/threatlevel/2010/01/microsoft-zero-day-flaw


In other news, Microsoft released a patch for this particular exploit.

http://www.pcmag.com/article2/0,2817,2358284,00.asp

http://tech.slashdot.org/story/10/01/21/2135226/Microsoft-Patches-Google-Hack-Flaw-In-IE?art_pos=17

August 2025

S M T W T F S
     12
34 56789
10111213 141516
17181920 212223
24252627282930
31      

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Aug. 22nd, 2025 05:48 am
Powered by Dreamwidth Studios