A discussion forum Web site for fans of Advanced Micro Devices' chips was closed Monday after the discovery there of an exploit for Microsoft's Windows Meta File flaw.
Mikko Hypponen, chief research officer at F-Secure, posted an item on the company's blog Monday outlining a WMF exploit on the home page for AMD-sponsored discussion forums. The exploit has since been removed, AMD said.
WMF exploits can trick users into viewing images or visiting Web sites that carry malicious software called Trojan horses. Once installed on a vulnerable PC, the software can allow an attacker to execute code on the system.
The forums were taken offline as soon as AMD learned of the exploit, said Drew Prairie, a spokesman for the Sunnyvale, Calif.-based chipmaker. The forums are maintained by another company that apparently failed to update its software in order to protect against the exploit, he said. Prairie was unaware of the name of the company, which is dealt with by AMD's staff in Europe.
The forums were back online late Monday afternoon. A poster started a thread on Saturday warning other forum users about the exploit. The discussions on the site usually center around building AMD-based PCs or bashing Intel, but visitors over the weekend got an unexpected lesson in Windows and Internet Explorer security techniques.
Microsoft was forced to issue an out-of-cycle patch in early January in response to the nasty WMF flaw, after originally planning to include the fix along with its usual monthly batch of patches. Windows users who downloaded that patch when it was distributed were protected if they visited the AMD discussion forum on Monday, Prairie said.
I hope someone will be thoughtful enough to explain this situation to someone like me who does not quite understand. The only way I'm going to learn to ask questions.
Please explain exactly what happened: was it something done deliberately by Microsoft? If gone undetected, would it have created severe problems for AMD users?
I have tried to read as much as I can on this subject, but I am still in the dark. Please help.
Apple says it's got a third-party group looking for issues at manufacturing partners it uses. Read CNET's FAQ to find out how we got here, and what the next steps are.
Tommy Jordan, the man who shot his daughter's laptop for YouTube, gets a visit from police and child protection services. Oh, and Good Morning America.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
There are a lot of things that AT&T's humongous Samsung Galaxy Note smartphone is, like a digital memo pad, a medium-size-reader, and a great photo companion.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
issues.
Please explain exactly what happened: was it something done deliberately by Microsoft? If gone undetected, would it have created severe problems for AMD users?
I have tried to read as much as I can on this subject, but I am still in the dark. Please help.
It's a problem for AMD users who have unpatched Microsoft in their computers.