January 30, 2006 5:19 PM PST

AMD forums laid low by Windows exploit

By Tom Krazit
Staff Writer, CNET News

Related Stories

Microsoft pushes out Windows patch ahead of time

 January 5, 2006

Windows flaw spawns dozens of attacks

 January 3, 2006
A discussion forum Web site for fans of Advanced Micro Devices' chips was closed Monday after the discovery there of an exploit for Microsoft's Windows Meta File flaw.

Mikko Hypponen, chief research officer at F-Secure, posted an item on the company's blog Monday outlining a WMF exploit on the home page for AMD-sponsored discussion forums. The exploit has since been removed, AMD said.

AMD forums harbor WMF exploit

WMF exploits can trick users into viewing images or visiting Web sites that carry malicious software called Trojan horses. Once installed on a vulnerable PC, the software can allow an attacker to execute code on the system.

The forums were taken offline as soon as AMD learned of the exploit, said Drew Prairie, a spokesman for the Sunnyvale, Calif.-based chipmaker. The forums are maintained by another company that apparently failed to update its software in order to protect against the exploit, he said. Prairie was unaware of the name of the company, which is dealt with by AMD's staff in Europe.

The forums were back online late Monday afternoon. A poster started a thread on Saturday warning other forum users about the exploit. The discussions on the site usually center around building AMD-based PCs or bashing Intel, but visitors over the weekend got an unexpected lesson in Windows and Internet Explorer security techniques.

Microsoft was forced to issue an out-of-cycle patch in early January in response to the nasty WMF flaw, after originally planning to include the fix along with its usual monthly batch of patches. Windows users who downloaded that patch when it was distributed were protected if they visited the AMD discussion forum on Monday, Prairie said.

8 comments

Join the conversation! Add your comment (Log in or register)
A better title...
... would be: "AMD forums laid low by failure to patch a Windows server"...
Posted by aemarques (159 comments )
Reply Link Flag
An even better title
AMD unable to keep up with high volume of Windows security
issues.
Posted by Macsaresafer (804 comments )
Link Flag
Hackers have no life's
Are these guys really that desperate for attention?
Posted by bobby_brady (753 comments )
Reply Link Flag
AMD Forums laid low
I hope someone will be thoughtful enough to explain this situation to someone like me who does not quite understand. The only way I'm going to learn to ask questions.

Please explain exactly what happened: was it something done deliberately by Microsoft? If gone undetected, would it have created severe problems for AMD users?

I have tried to read as much as I can on this subject, but I am still in the dark. Please help.
Posted by Pluqueric (15 comments )
Reply Link Flag
Feature or bug
The feature was intended, the full range of things it could be used for was not.

It's a problem for AMD users who have unpatched Microsoft in their computers.
Posted by Phillep (18 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

ie8 fix

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

ie8 fix
  • Recently Viewed Products
  • My Lists
  • My Software Updates
  • Promo
  • Log In | Join CNET