Attack code comes on heels of Microsoft patches

By Greg Sandoval, CNET News.com
Published on ZDNet June 14, 2006, 5:55 PM PT

Just a day after Microsoft released patches for vulnerabilities in some of
its software, code designed to take advantage of those weaknesses appeared
on the Internet.

http://news.zdnet.com/2100-1009_22-6084000.html?tag=nl.e589

 

|>By Greg Sandoval, CNET News.com
|>Published on ZDNet June 14, 2006, 5:55 PM PT
|>
|>Just a day after Microsoft released patches for vulnerabilities in some of
|>its software, code designed to take advantage of those weaknesses appeared
|>on the Internet.
|>
|>http://news.zdnet.com/2100-1009_22-6084000.html?tag=nl.e589

That's useful, it links to the 21 patches released this month
http://news.zdnet.com/2100-1009_22-6083424.html?tag=nl
Some working betters than others

 

That's why it's important to keep your system patched regardless of the OS you run.

 

wrote in

Only 21 this month??? The hackers are getting lazy! Or maybe
taking a long vacation before Vista gives them something new to
play with...

Of course, since I'm dumb enough to still be running Win95B and
have all scripting and java files removed and no IE/OE
installed, I don't have to worry about ANY of this shit. But I
guess I'm just STOOPID and technologically retarded. HOW I even
manage to post this using my 9 year old computer is surely
beyond all human comprehension.

I wonder how many weekly patches Vista will be bestowing upon
the bleating cutting edge?

 

|> wrote in
|>
|>
|>>
|>>|>By Greg Sandoval, CNET News.com
|>>|>Published on ZDNet June 14, 2006, 5:55 PM PT
|>>|>
|>>|>Just a day after Microsoft released patches for
|>>|>vulnerabilities in some of its software, code designed to
|>>|>take advantage of those weaknesses appeared on the
|>>|>Internet.
|>>|>
|>>|>http://news.zdnet.com/2100-1009_22-6084000.html?tag=nl.e589
|>>
|>> That's useful, it links to the 21 patches released this
|>> month
|>> http://news.zdnet.com/2100-1009_22-6083424.html?tag=nl Some
|>> working betters than others
|>
|>Only 21 this month??? The hackers are getting lazy! Or maybe
|>taking a long vacation before Vista gives them something new to
|>play with...
|>
|>Of course, since I'm dumb enough to still be running Win95B and
|>have all scripting and java files removed and no IE/OE
|>installed, I don't have to worry about ANY of this shit. But I
|>guess I'm just STOOPID and technologically retarded. HOW I even
|>manage to post this using my 9 year old computer is surely
|>beyond all human comprehension.

You got an update (MS06-026) not sure if this is for the WMF exploit
or not

|>I wonder how many weekly patches Vista will be bestowing upon
|>the bleating cutting edge?

Na not with Vista - Microsoft: Vista Most Secure OS Ever
http://www.betanews.com/article/Microsoft_Vista_Most_Secure_OS_Ever/1150366131
http://tinyurl.com/ktw4c

I've heard this prior to all the other windows OS releases

 

They can add that to the list with "The check is in the mail" and "I won't cum
in your mouth."

 

wrote in

Not sure what you are talking about... is this something like
that genius with a sense of humor making jpg's run trojan
scripts in IE/OE???

The only WMF files I've seen came on my set of clipart discs
(boy did I ever get mileage out of THAT purchase... 3 pix in 10
years...)

I have NO M$ ware installed except the OS.

Well, as long as you don't mind M$/HSO knowing everything about
your bank accounts and tax records, everywhere you've been in
the last 20 years, whether you have any Muslim friends, what
drugs your kid uses, what the name McCarthy means to you, when
the last time you went to church was, whether you own legal
DVD's of all the Star Wars movies like every good American
should, etc...

Or are these now Google's main areas of concern... I get a
little confused sometimes... So many big brothers all over the
place...

 

|>> You got an update (MS06-026) not sure if this is for the
|>> WMF exploit or not

|>Not sure what you are talking about... is this something like
|>that genius with a sense of humor making jpg's run trojan
|>scripts in IE/OE???
|>
|>The only WMF files I've seen came on my set of clipart discs
|>(boy did I ever get mileage out of THAT purchase... 3 pix in 10
|>years...)
|>
|>I have NO M$ ware installed except the OS.

The WMF exploit was one I was really concern'd about (XP) and one
update I installed (third party)

It wasn't a concern for WIn98 before
http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx


It is now, you need to download the update as it's for the WMF
exploit.
https://www.microsoft.com.nsatc.net/technet/security/Bulletin/MS06-026.mspx

 

wrote in

Thank you, I appreciate the warning. It is nice of you to be
concerned about someone as obviously ultra-cynical and
thanatoidal as I am. Seriously, I'm not making fun of you.

This appears to be more-or-less a WMF version of the jpg trick I
mentioned. That only affected IE/OE users, and although this
page doesn't specifically mention IE, I believe M$ is under the
(regrettably almost 100% correct) impression that everyone uses
their browser so they don't even have to mention it. But I don't
use it. And I use 95B for the internet, which they don't mention
because this problem either doesn't apply to the 95B version of
the image rendering engine, or because 95 is "officially" dead.
Also, I suspect the MS IREngine only works with MS applications,
of which, as I mentioned, I have none, except the OS.

I can't even remember when I last saw a WMF image on any web
page, and I use a browser (OffBy1) which is not only the fastest
thing on earth, but is also so simple that it basically
eliminates all dangers and annoyances (popups etc.) by virtue of
its design. It only reads jpg, gif and png (maybe bmp, not
sure, not many bmp's on the web), and doesn't even recognize let
alone execute Java, ActiveX or scripts. I do occasionally use
Opera, but only to access hotmail and my bank.

So I'm not going to worry about it.

Thank you anyway.

 

|>I can't even remember when I last saw a WMF image on any web
|>page, and I use a browser (OffBy1) which is not only the fastest
|>thing on earth, but is also so simple that it basically
|>eliminates all dangers and annoyances (popups etc.) by virtue of
|>its design. It only reads jpg, gif and png (maybe bmp, not
|>sure, not many bmp's on the web), and doesn't even recognize let
|>alone execute Java, ActiveX or scripts. I do occasionally use
|>Opera, but only to access hotmail and my bank.
|>
|>So I'm not going to worry about it.

To each his own. http://www.updatexp.com/wmf-exploit.html

 

Hopefully you have a firewall as you are vulnerable to this:

http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx

 

Interesting observation: the release of patches ALSO tells the virus
writers where to look for the vulnerabilities and to release the virus
before the patches get too widespread.

 

Of course I have a firewall. I am also running a 32bit netstat
viewer, a file change monitor, and a process monitor. Every
other month or so I scan the system for viruses and spyware, but
have never found anything. I did once find a "call home" file,
but since I caught it during the install with InCtrl4, I deleted
it manually anyway.

I used to run an anti-virus program while on-line but since I
don't use IE, have Java and scripting disabled, never click on
anything let alone exes, and scan everything I download, I
decided it was just a waste of resources - a 9 year old computer
is lucky to have 64MB of RAM.
;-)

I did get some stupid virus once in an email from a clueless OE-
using friend but since I have all scripting files removed, it
couldn't do anything.

That's all that's ever happened in about 10 years.

I hate to sound cocky, since generally speaking, that is just
asking for trouble - and also my personal self-esteem is
actually very low - but I really don't believe I have any cause
for concern. My system has repeatedly tested as "stealth" on
several different security sites.

And since I would rather keep it this way, not to mention
wasting hundreds of hours getting XP/Vista/Fuberknucker or
whatever to work right, and having to install several updates
each week for the rest of my life, I'm staying with these OS's.

Since I can do everything I need to do on my two computers as
they are (the 2nd is a 2GHz P4 running w98SE Lite), I see no
reason whatsoever to change anything.

But thanks for the link anyway. Although I must add that having
to wade through pages like that all the time is yet another
excellent reason to not change anything.

Now you must excuse me, as I have to go file my claws on the
nearest rock. As if having to drag a thirty-foot tail behind me
all the time wasn't enough hassle...