The IE exploit that allowed the Google hack? MS knew about it IN SEPTEMBER

Jan. 22nd, 2010 09:23 am
thewayne: (Default)
[personal profile] thewayne
From TFA: Microsoft confirmed it learned of the so-called “zero-day” flaw months ago.

According to Microsoft, “An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Linux and Mac have forced you to use Sudo to access low-level stuff for quite a while now, most Windows home users, prior to Vista, have been running as local admin, and were very vulnerable to this. Vista and Win7 made a lot of improvements in this area, but there are still far too many compromises possible.

http://www.wired.com/threatlevel/2010/01/microsoft-zero-day-flaw


In other news, Microsoft released a patch for this particular exploit.

http://www.pcmag.com/article2/0,2817,2358284,00.asp

http://tech.slashdot.org/story/10/01/21/2135226/Microsoft-Patches-Google-Hack-Flaw-In-IE?art_pos=17
Tags:
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2010-01-23 12:03 am (UTC)
silveradept: A kodama with a trombone. The trombone is playing music, even though it is held in a rest position (Default)
From: [personal profile] silveradept
...And you may as well just be running your admin account all the time. Got it.

I do think marketing determines when products get released, instead of developers - I wonder how many Service Packs could be avoided simply by waiting until the developers were ready to release...

Date: 2010-01-23 02:37 am (UTC)
From: [identity profile] thewayne.livejournal.com
The problem is that if a project is left strictly to the developers, they may never say it's good to go. It takes good management to hold the developer's feet to the fire to get the product out the door, which is the need for measurable milestones in the project plan. The other problem, which is more Windows specific than Mac (which is not to say that Mac OS and hardware is flawless) is the nigh infinite combination of hardware, OS version, OS updates, and software and all their interactions. One of the things that I find quite amusing is to see how long it takes the first patches to come out for a new product, Windows or Mac. Mac OS-X doesn't have as many OS patches because Apple is fanatic about controlling the hardware.

Date: 2010-01-24 10:29 pm (UTC)
silveradept: A kodama with a trombone. The trombone is playing music, even though it is held in a rest position (Default)
From: [personal profile] silveradept
True. Although it seems like the Linux community is reasonably good at making their OS work with the infinite possibilities of hardware, but then they're not as concerned with proprietary information getting out. If OSX were as popular and had as many things written for it as Windows does, then maybe they'd have the same sort of problems. Maybe Intel Macs have some of those?
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

thewayne: (Default)
The Wayne
Spare Brains Games

January 2026

S M T W T F S
    1 23
45678910
11121314151617
18192021222324
25262728293031

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Jan. 2nd, 2026 07:42 pm
Powered by Dreamwidth Studios