In the news,
Microsoft announces that pretty much all of their practical programs suffer a buffer overflow after reading a specially crafted JPEG image:
Technical translation: You can now add pictures to the list of things that hackers can use to gain access to your computer. Microsoft is saying that the code in any program newer than IE 5.5 is flawed. There are ways to create an image that causes an overflow, a type of processing error, in Windows.
An overflow is the holy grail for a hacker: it causes a small system error, after which a hacker can have your computer execute any commands he or she likes, and they will be interpreted as part of the process the PC was already working on. They will be interpreted as if you had executed the command from your PC's command line, and will bypass any computer security you've installed, and most network security your company has installed. If you have permission to do it, a command inserted after an overflow will execute.
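An added example, not from the original post or from Microsoft's bulletin: a JPEG file is a series of segments that each state their own length, and the defensive check a parser needs is to validate that length before using it. The C code below walks the header segments and rejects a length field that is too small or that runs past the end of the data; the function name, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes (hypothetical names chosen for this example). */
enum { SEG_OK = 0, SEG_NOT_JPEG = -1, SEG_BAD_LENGTH = -2, SEG_TRUNCATED = -3 };

/* Constructed sample inputs, not taken from any real file. */
static const uint8_t GOOD[]      = {0xFF,0xD8, 0xFF,0xFE,0x00,0x04,'h','i', 0xFF,0xD9};
static const uint8_t SHORT_LEN[] = {0xFF,0xD8, 0xFF,0xFE,0x00,0x01, 0xFF,0xD9};
static const uint8_t CUT_OFF[]   = {0xFF,0xD8, 0xFF,0xE0,0x00,0x10,'J','F'};

/* Markers that stand alone and carry no length field (TEM, RST0-7, SOI). */
static int is_standalone(uint8_t m) { return m == 0x01 || (m >= 0xD0 && m <= 0xD8); }

/* Validate every header segment length in buf[0..len) before anything is
 * copied. Stops at SOS (0xDA), where image data begins, or at EOI (0xD9). */
int jpeg_check_segments(const uint8_t *buf, size_t len) {
    size_t pos = 2, seg_len;
    uint8_t marker;
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8)    /* must start with SOI */
        return SEG_NOT_JPEG;
    while (pos < len) {
        if (buf[pos] != 0xFF) return SEG_NOT_JPEG;
        while (pos < len && buf[pos] == 0xFF) pos++;     /* skip fill bytes */
        if (pos >= len) return SEG_TRUNCATED;
        marker = buf[pos++];
        if (marker == 0xD9) return SEG_OK;               /* EOI */
        if (is_standalone(marker)) continue;
        if (len - pos < 2) return SEG_TRUNCATED;         /* no room for a length */
        seg_len = ((size_t)buf[pos] << 8) | buf[pos + 1];
        /* The length counts its own two bytes, so payload = seg_len - 2.
         * A value below 2 would make that subtraction wrap to a huge size. */
        if (seg_len < 2) return SEG_BAD_LENGTH;
        if (seg_len > len - pos) return SEG_TRUNCATED;   /* runs past the data */
        if (marker == 0xDA) return SEG_OK;               /* SOS: headers done */
        pos += seg_len;
    }
    return SEG_TRUNCATED;   /* ran out of data without reaching EOI or SOS */
}

int main(void) {
    printf("good=%d short_len=%d cut_off=%d\n",
           jpeg_check_segments(GOOD, sizeof GOOD),
           jpeg_check_segments(SHORT_LEN, sizeof SHORT_LEN),
           jpeg_check_segments(CUT_OFF, sizeof CUT_OFF));
    return 0;
}
```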
Anyhow, here's the technet article, complete with patches.
http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx
What's the big deal? Let me give you some historical perspective.
The last time Microsoft announced a buffer-overflow type error in a readily used program (older versions of Internet Explorer 4.0 experienced an overflow if they read a URL greater than 128 characters), the overflow was exploited in a big way by the "I Love You" virus. Microsoft had already ID'd and patched that vulnerability, but no one loaded the patch on any of their versions of IE. This problem is wider, since it affects any MS program that is capable of image processing, which is almost ALL of MS' recent products.
So if you run IE, or Windows, etc., patch your machine ASAP. It was an unknown problem before Microsoft's announcement, so unless they work in MS' Security, hackers have to start work on their exploits today.
And since the only reader still with me at this point is likely to be dagoski, your Kryptonite bike lock can be opened with a ballpoint pen. Pretty cool, huh?