Computer code that exploits a security vulnerability in Windows has been published on the Internet, making it more urgent for users of the operating system to patch.
Microsoft provided a fix for the flaw last week with security bulletin MS07-004. At the time, the company warned that it had already seen limited cyberattacks exploiting the vulnerability. However, attack code hadn't been available publicly. On Tuesday, exploit code was published to a widely-read online security forum.
"Microsoft is aware that detailed exploit code was published on the Internet that may take advantage of the vulnerability addressed by Microsoft security bulletin MS07-004," a company representative said in a statement. "Microsoft encourages all customers to apply the most recent security updates."
Prior to the public posting of the exploit, other code that takes advantage of the flaw had been made available to users of a security testing tool made by Immunity. However, these attack blueprints are private, supplied to people who pay for the tool.
Functionality of the public exploit code appears to be limited, Symantec said in an alert to users of its DeepSight security intelligence service Tuesday. Symantec was unable to get the exploit to work on English language versions of Windows XP and Windows 2000, the company said. Still, the exploit could provide a starting point for other hackers, Symantec said.
"The author has posted the exact location of the flaw, shown in a screen shot from a binary analyzer, increasing the likelihood of other exploits being developed," according to the Symantec alert.
The VML flaw is similar to a bug for which Microsoft rushed out a fix in September after Windows users came under attack. The vulnerability can be exploited by tricking a user into viewing a malicious VML file on a Web site with Internet Explorer.
All recent versions of Windows are vulnerable when all recent versions of IE, including IE 7, are in use, according to Microsoft. The exception is Windows Vista, which is not impacted, the software maker said. Microsoft's patches are distributed via Automatic Updates and on the company's Microsoft Update downloads Web site.
It was encouraging to see MS Vista was not affected, perhaps Microsoft is actually starting to "get it"? I'll reserve judgment on that for now.
In nature, biodiversity prevents a single virus from wiping out an entire species. Do your part and diversify. Try Open Office, Eudora, Firefox, maybe a complete new operating system if you have a second PC. Otherwise don't complain the next time that all Microsoft machine of yours is polluted with spyware and viruses.
For all the shouting and hoopla over Apple 'flaws' (see also the ego-masturbation known as "Month of Apple Bugs"), I'm still posessed of no big motivation to bother with anti-virus, anti- spyware, anti-anything. I just keep current on my patches (actually, OSX does that for me), practice basic security, and I'm all set.
I'm still happy with TextEdit on the Mac (though I use OOo extensively on my Linux laptop @ work), Thunderbird for all my mail (and this comes from a guy who does SMTP for a living, among other things), and while Firefox is great on the Linux machinery, Safari does everything I need @ home (Safari = rebuilt Konquerer).
But that's the beauty of OSS and non-MSFT stuff, is biodiversity, so to speak. As long as open standards are adhered to, it doesn't matter which browser, mail client, etc. you use :)
I am one who supports it. Diversity has shown to be benificial to us, the consumers. It gives us more freedom of choice and promotes competition among the providers to improve their products (i.e. firefox prompts IE improvements). As for this vulnerability, I am glad microsoft has released a patch for it already, however there are still others not yet fixed. I am encouraged by the recent trend in exploits found... they are becoming harder and harder to use maliciously. Years ago, it was very easy to do. I give credit to software diversity for prompting this improvement. Whatever software you choose, good for you! That's your decision to make.
Hmm... launch new Operating System which nobody wants to move to because their existing system works fine (not to mention, their apps and their hardware)...
Generate and/or "release" Windows bugs and flaw attacks that only effect XP and not Vista...
Shout how much more secure Vista is and convince people Microsoft is doing all it can to hold back the floodwaters of attacks, to protect us innocent users! But Microsoft can only hold on for so long... our survival lies in the lifeboats named "Vista".. hurry or you'll be "owned" ...
(or switch to a Mac or Linux, but we won't mention that scenario...)
I just love reading these comparisons from other posters. All defending one platform or another.
Here's my 1 cent worth of opinions. First off I think in this day and age running a firewall and anti-virus software is a must on all platforms simply because the risk of loosing data stored on your computer is to great for most users whether they realize it or not.
Secondly Apples are great computers and Mac OS X is a great OS, but it's not going to be for everyone. Be thankful we all have a choice even if that choice is decided for us by the applications we want to use.
Thirdly, don't trust computers. They are only as good as the software that runs on them and the hardware that makes them work. Of course the weakest link is still the human being and we defend the honor of operating systems. Got to make you wonder how intelligent we really are.
And lastly, all this arguing over who's got the better turd just mask the stink that has become technology. The fact is that none of these companies have the best interest of the end user in mind. If they did they would all be working together to make applications work on any platform. They would share ideas and technologies. Patents wouldn't be an issue and neither would copyrights. They wouldn't create licenses that block other ways of thinking out. Interoperability wouldn't be a topic at every computer related event or even a selling point on the package.
The fact is that we are all suckers. We all buy into this idea that one thing is better than the other. We all like to make Devils and Gods out of people in the industry. And in the end we still get stuck with the same old hype.
Other OS are less vulnerable cause they are not so popular
why bother to make a virus that can affect 10% of computers in the world if you can make one that can attack 75% , it is simple logic. I have MAC OS X and in my opinion has alot less spyware/virus than windows, so I don't have to worry on having the antivirus all the time. I just have the fiewall of the router and I update my system once in a while and everything is excellent. But in my windows based computers I have to update the antivirus daily have the software firewall on, run antispyware application at least once a week. All these extra applications and processes slow down my computer's performance and decrease my productivity. Still is the price for having compatibility with most software, for me the price was to high so I changed to mac os x. But for many people windows is just fine and they are happy with it. So it depends on what you do.
This holds true regardless of which operating system you use.
Viruses, spyware, malware, phished sites with trojans lurking on them...
We ALL need the best security we can get.
Good Firewall, Good AntiVirus, Good Anti-Spyware, Good Anti-Trojan, etc.
One can brag all they want... but I would love to see their face when those that claim "I don't need this" or "I'm safe because {fill in the blank} finally get infected with something.
We need to quit bickering about this, that or the other and start shoring up our security defenses... because the bad guys aren't letting up... in fact they're growing by leaps and bounds.
Everybody is vulnerable. However as for HOW vulnerable they are... will depend upon how strong of a security defense they've built up.
Google creates an animated doodle that features a boy, a girl, Google's search engine, and a jump rope. But might there be darker, more analytical, more troubling interpretations to this tale?
The Silicon Valley online payments startup grew by 1,000 percent last year and is hopeful it can repeat that level of growth this year. To do that, it's had to move away from its early friends-and-family roots and embrace small businesses.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
In nature, biodiversity prevents a single virus from wiping out an entire species. Do your part and diversify. Try Open Office, Eudora, Firefox, maybe a complete new operating system if you have a second PC. Otherwise don't complain the next time that all Microsoft machine of yours is polluted with spyware and viruses.
ego-masturbation known as "Month of Apple Bugs"), I'm still
posessed of no big motivation to bother with anti-virus, anti-
spyware, anti-anything. I just keep current on my patches
(actually, OSX does that for me), practice basic security, and I'm
all set.
I'm still happy with TextEdit on the Mac (though I use OOo
extensively on my Linux laptop @ work), Thunderbird for all my
mail (and this comes from a guy who does SMTP for a living,
among other things), and while Firefox is great on the Linux
machinery, Safari does everything I need @ home (Safari =
rebuilt Konquerer).
But that's the beauty of OSS and non-MSFT stuff, is biodiversity,
so to speak. As long as open standards are adhered to, it
doesn't matter which browser, mail client, etc. you use :)
/P
Generate and/or "release" Windows bugs and flaw attacks that only effect XP and not Vista...
Shout how much more secure Vista is and convince people Microsoft is doing all it can to hold back the floodwaters of attacks, to protect us innocent users! But Microsoft can only hold on for so long... our survival lies in the lifeboats named "Vista".. hurry or you'll be "owned" ...
(or switch to a Mac or Linux, but we won't mention that scenario...)
Here's my 1 cent worth of opinions. First off I think in this day and age running a firewall and anti-virus software is a must on all platforms simply because the risk of loosing data stored on your computer is to great for most users whether they realize it or not.
Secondly Apples are great computers and Mac OS X is a great OS, but it's not going to be for everyone. Be thankful we all have a choice even if that choice is decided for us by the applications we want to use.
Thirdly, don't trust computers. They are only as good as the software that runs on them and the hardware that makes them work. Of course the weakest link is still the human being and we defend the honor of operating systems. Got to make you wonder how intelligent we really are.
And lastly, all this arguing over who's got the better turd just mask the stink that has become technology. The fact is that none of these companies have the best interest of the end user in mind. If they did they would all be working together to make applications work on any platform. They would share ideas and technologies. Patents wouldn't be an issue and neither would copyrights. They wouldn't create licenses that block other ways of thinking out. Interoperability wouldn't be a topic at every computer related event or even a selling point on the package.
The fact is that we are all suckers. We all buy into this idea that one thing is better than the other. We all like to make Devils and Gods out of people in the industry. And in the end we still get stuck with the same old hype.
Because Mac/Linux/BSD are considered a hard targets, there are hackers that would love to brag on taking them down.
They just have not been able to do much damage yet so like the terrorist they move to a softer target aka Windows.
Viruses, spyware, malware, phished sites with trojans lurking on them...
We ALL need the best security we can get.
Good Firewall, Good AntiVirus, Good Anti-Spyware, Good Anti-Trojan, etc.
One can brag all they want... but I would love to see their face when those that claim "I don't need this" or "I'm safe because {fill in the blank} finally get infected with something.
We need to quit bickering about this, that or the other and start shoring up our security defenses... because the bad guys aren't letting up... in fact they're growing by leaps and bounds.
Everybody is vulnerable. However as for HOW vulnerable they are... will depend upon how strong of a security defense they've built up.
Nobody is totally and 100% impenetrable!!!
Walt