Microsoft confirms code execution bug in Windows

[Gary]

Quote "Microsoft has confirmed reports that several versions of Windows are vulnerable to exploits that allow remote attackers to take full control of users' computers using booby-trapped emails and websites.

In an advisory issued Tuesday, Microsoft said it was investigating "new public reports" of vulnerability in the XP, Server 2003, Vista, and Server 2008 versions of Windows. In fact, the first known report of the bug in the way those operating systems process thumbnail images came on December 15 at a security conference in South Korea. On Tuesday, exploit code was added to the Metasploit software framework for hackers.

"This is a remote code execution vulnerability," the Microsoft advisory stated. "An attacker who successfully exploited this vulnerability could take complete control of an affected system."

http://www.theregister.co.uk/2011/01/04/windows_0day/

[Rik]

Will it ever end?

[Simon]

Never!

[Rik]

Indeed.

[pctech]

XP will be 10 years old this October, you'd have thought after 10 years of Quick Fix Engineering hotfixes then it would be pretty robust by now wouldn't you?

[Rik]

You would. I hope MS don't write the code for Boeing!

[pctech]

No thankfully not.

[Gary]

XP will be 10 years old this October, you'd have thought after 10 years of Quick Fix Engineering hotfixes then it would be pretty robust by now wouldn't you?

I think the problem is that times and exploits have also changed and a 10 year old OS is probably not the most secure to use now, note Windows 7 is not in the list.

[Rik]

Neither is Linux.

[Gary]

Neither is Linux.

Or OS X  but XP is now very long in the tooth, people I think should be running windows 7 to be up to date, and safer really.