Attack code comes on heels of Microsoft patches

Discussion in 'Computer Support' started by Au79, Jun 15, 2006.

  1. Au79

    Au79 Guest

    By Greg Sandoval, CNET News.com
    Published on ZDNet June 14, 2006, 5:55 PM PT

    Just a day after Microsoft released patches for vulnerabilities in some of
    its software, code designed to take advantage of those weaknesses appeared
    on the Internet.

    http://news.zdnet.com/2100-1009_22-6084000.html?tag=nl.e589
     
    Au79, Jun 15, 2006
    #1
    1. Advertisements

  2. Au79

    Pennywise Guest

    Pennywise, Jun 15, 2006
    #2
    1. Advertisements

  3. Au79

    Fuzzy Logic Guest

    That's why it's important to keep your system patched regardless of the OS you run.
     
    Fuzzy Logic, Jun 15, 2006
    #3
  4. Au79

    thanatoid Guest

    wrote in

    Only 21 this month??? The hackers are getting lazy! Or maybe
    taking a long vacation before Vista gives them something new to
    play with...

    Of course, since I'm dumb enough to still be running Win95B and
    have all scripting and java files removed and no IE/OE
    installed, I don't have to worry about ANY of this shit. But I
    guess I'm just STOOPID and technologically retarded. HOW I even
    manage to post this using my 9 year old computer is surely
    beyond all human comprehension.

    I wonder how many weekly patches Vista will be bestowing upon
    the bleating cutting edge?
     
    thanatoid, Jun 16, 2006
    #4
  5. Au79

    Pennywise Guest

    |> wrote in
    |>
    |>
    |>>
    |>>|>By Greg Sandoval, CNET News.com
    |>>|>Published on ZDNet June 14, 2006, 5:55 PM PT
    |>>|>
    |>>|>Just a day after Microsoft released patches for
    |>>|>vulnerabilities in some of its software, code designed to
    |>>|>take advantage of those weaknesses appeared on the
    |>>|>Internet.
    |>>|>
    |>>|>http://news.zdnet.com/2100-1009_22-6084000.html?tag=nl.e589
    |>>
    |>> That's useful, it links to the 21 patches released this
    |>> month
    |>> http://news.zdnet.com/2100-1009_22-6083424.html?tag=nl Some
    |>> working betters than others :)
    |>
    |>Only 21 this month??? The hackers are getting lazy! Or maybe
    |>taking a long vacation before Vista gives them something new to
    |>play with...
    |>
    |>Of course, since I'm dumb enough to still be running Win95B and
    |>have all scripting and java files removed and no IE/OE
    |>installed, I don't have to worry about ANY of this shit. But I
    |>guess I'm just STOOPID and technologically retarded. HOW I even
    |>manage to post this using my 9 year old computer is surely
    |>beyond all human comprehension.

    You got an update (MS06-026) not sure if this is for the WMF exploit
    or not

    |>I wonder how many weekly patches Vista will be bestowing upon
    |>the bleating cutting edge?

    Na not with Vista - Microsoft: Vista Most Secure OS Ever
    http://www.betanews.com/article/Microsoft_Vista_Most_Secure_OS_Ever/1150366131
    http://tinyurl.com/ktw4c

    I've heard this prior to all the other windows OS releases :)
     
    Pennywise, Jun 16, 2006
    #5
  6. Au79

    Spuds Guest

    Spuds, Jun 16, 2006
    #6
  7. Au79

    thanatoid Guest

    wrote in

    Not sure what you are talking about... is this something like
    that genius with a sense of humor making jpg's run trojan
    scripts in IE/OE???

    The only WMF files I've seen came on my set of clipart discs
    (boy did I ever get mileage out of THAT purchase... 3 pix in 10
    years...)

    I have NO M$ ware installed except the OS.

    Well, as long as you don't mind M$/HSO knowing everything about
    your bank accounts and tax records, everywhere you've been in
    the last 20 years, whether you have any Muslim friends, what
    drugs your kid uses, what the name McCarthy means to you, when
    the last time you went to church was, whether you own legal
    DVD's of all the Star Wars movies like every good American
    should, etc...

    Or are these now Google's main areas of concern... I get a
    little confused sometimes... So many big brothers all over the
    place...
     
    thanatoid, Jun 16, 2006
    #7
  8. Au79

    Pennywise Guest

    |>> You got an update (MS06-026) not sure if this is for the
    |>> WMF exploit or not

    |>Not sure what you are talking about... is this something like
    |>that genius with a sense of humor making jpg's run trojan
    |>scripts in IE/OE???
    |>
    |>The only WMF files I've seen came on my set of clipart discs
    |>(boy did I ever get mileage out of THAT purchase... 3 pix in 10
    |>years...)
    |>
    |>I have NO M$ ware installed except the OS.

    The WMF exploit was one I was really concern'd about (XP) and one
    update I installed (third party)

    It wasn't a concern for WIn98 before
    http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx


    It is now, you need to download the update as it's for the WMF
    exploit.
    https://www.microsoft.com.nsatc.net/technet/security/Bulletin/MS06-026.mspx
     
    Pennywise, Jun 16, 2006
    #8
  9. Au79

    thanatoid Guest

    wrote in

    Thank you, I appreciate the warning. It is nice of you to be
    concerned about someone as obviously ultra-cynical and
    thanatoidal as I am. Seriously, I'm not making fun of you.

    This appears to be more-or-less a WMF version of the jpg trick I
    mentioned. That only affected IE/OE users, and although this
    page doesn't specifically mention IE, I believe M$ is under the
    (regrettably almost 100% correct) impression that everyone uses
    their browser so they don't even have to mention it. But I don't
    use it. And I use 95B for the internet, which they don't mention
    because this problem either doesn't apply to the 95B version of
    the image rendering engine, or because 95 is "officially" dead.
    Also, I suspect the MS IREngine only works with MS applications,
    of which, as I mentioned, I have none, except the OS.

    I can't even remember when I last saw a WMF image on any web
    page, and I use a browser (OffBy1) which is not only the fastest
    thing on earth, but is also so simple that it basically
    eliminates all dangers and annoyances (popups etc.) by virtue of
    its design. It only reads jpg, gif and png (maybe bmp, not
    sure, not many bmp's on the web), and doesn't even recognize let
    alone execute Java, ActiveX or scripts. I do occasionally use
    Opera, but only to access hotmail and my bank.

    So I'm not going to worry about it.

    Thank you anyway.
     
    thanatoid, Jun 16, 2006
    #9
  10. Au79

    Pennywise Guest

    |>I can't even remember when I last saw a WMF image on any web
    |>page, and I use a browser (OffBy1) which is not only the fastest
    |>thing on earth, but is also so simple that it basically
    |>eliminates all dangers and annoyances (popups etc.) by virtue of
    |>its design. It only reads jpg, gif and png (maybe bmp, not
    |>sure, not many bmp's on the web), and doesn't even recognize let
    |>alone execute Java, ActiveX or scripts. I do occasionally use
    |>Opera, but only to access hotmail and my bank.
    |>
    |>So I'm not going to worry about it.

    To each his own. http://www.updatexp.com/wmf-exploit.html
     
    Pennywise, Jun 16, 2006
    #10
  11. Au79

    Fuzzy Logic Guest

    Hopefully you have a firewall as you are vulnerable to this:

    http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx
     
    Fuzzy Logic, Jun 16, 2006
    #11
  12. Au79

    Rick Merrill Guest

    Interesting observation: the release of patches ALSO tells the virus
    writers where to look for the vulnerabilities and to release the virus
    before the patches get too widespread.
     
    Rick Merrill, Jun 16, 2006
    #12
  13. Au79

    thanatoid Guest

    Of course I have a firewall. I am also running a 32bit netstat
    viewer, a file change monitor, and a process monitor. Every
    other month or so I scan the system for viruses and spyware, but
    have never found anything. I did once find a "call home" file,
    but since I caught it during the install with InCtrl4, I deleted
    it manually anyway.

    I used to run an anti-virus program while on-line but since I
    don't use IE, have Java and scripting disabled, never click on
    anything let alone exes, and scan everything I download, I
    decided it was just a waste of resources - a 9 year old computer
    is lucky to have 64MB of RAM.
    ;-)

    I did get some stupid virus once in an email from a clueless OE-
    using friend but since I have all scripting files removed, it
    couldn't do anything.

    That's all that's ever happened in about 10 years.

    I hate to sound cocky, since generally speaking, that is just
    asking for trouble - and also my personal self-esteem is
    actually very low - but I really don't believe I have any cause
    for concern. My system has repeatedly tested as "stealth" on
    several different security sites.

    And since I would rather keep it this way, not to mention
    wasting hundreds of hours getting XP/Vista/Fuberknucker or
    whatever to work right, and having to install several updates
    each week for the rest of my life, I'm staying with these OS's.

    Since I can do everything I need to do on my two computers as
    they are (the 2nd is a 2GHz P4 running w98SE Lite), I see no
    reason whatsoever to change anything.

    But thanks for the link anyway. Although I must add that having
    to wade through pages like that all the time is yet another
    excellent reason to not change anything.

    Now you must excuse me, as I have to go file my claws on the
    nearest rock. As if having to drag a thirty-foot tail behind me
    all the time wasn't enough hassle...
     
    thanatoid, Jun 16, 2006
    #13
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.