Code Forums - View Single Post

Belisarius · 01-03-2006, 03:28 PM

I try not to be too much of a chicken-little on these things, and I'm usually not too concerned about viruses as I use best-practices, but the buzz surrounding this vulnerability is pretty intense. The rumor is that it *isn't* reliability picked up by virus scanners, and (I didn't even think this was possible) is imbedded in images. That means all you need to do is view a website (I think message boards are particularly vulnerable as seed-points) with an infected image and you've got it.

Sans message. Slashdot articles here and here.

Microsoft isn't planning on pushing out an update for about a week, but if a working virus hits first, it sounds like there's no real defense. Sans is suggesting that people install a third-party patch they have tested and are hosting here until the official MS patch comes out. I've installed it and so far my computer hasn't exploded, so take that as you will . . .

01-03-2006, 03:28 PM	#1 (permalink)
Belisarius Java fanboy Join Date: Aug 2003 Posts: 1,161	New Windows Vulnerability. I try not to be too much of a chicken-little on these things, and I'm usually not too concerned about viruses as I use best-practices, but the buzz surrounding this vulnerability is pretty intense. The rumor is that it isn't reliability picked up by virus scanners, and (I didn't even think this was possible) is imbedded in images. That means all you need to do is view a website (I think message boards are particularly vulnerable as seed-points) with an infected image and you've got it. Sans message. Slashdot articles here and here. Microsoft isn't planning on pushing out an update for about a week, but if a working virus hits first, it sounds like there's no real defense. Sans is suggesting that people install a third-party patch they have tested and are hosting here until the official MS patch comes out. I've installed it and so far my computer hasn't exploded, so take that as you will . . . __________________ GitS