Very recently, a major flaw in the Windows architecture was discovered. There have already been a startling number of "zero-day exploits" popping up to take advantage of this, and it can be exploited simply by viewing a web page, email, etc.

Microsoft is expected to roll out a new security patch in the near future, but a quick and simple patch can be found at GRC's website, here (http://grc.com/sn/notes-020.htm), along with loads of detailed information as to how the patch works, what it fixes and what the exploit does and can do to your machine.

For more information about this vulnerability, and as a resource of other security measures, I recommend listening to the Security Now! podcast (http://www.grc.com/securitynow.htm) with Steve Gibson and Leo Laporte.

thanks for the heads up.

secured

yeah it was just on the news here. and if its on a roanoke tv station it must be real news. lol. done.

jp

It actually is a very big deal in terms of internet security. There is no virus protection or ad blocking that will stop this exploit, and MS, again, has yet to officially announce plans to fix it, although a patch is expected sometime soon. It's a very clever exploit that makes use of a Windows metafile bug in which if it cannot find the metafile, it forces it to run a new script (basically, any image on a web page, email, etc could be the metafile trigger) which means it does not take any active participation from the viewer - it simply runs passively upon loading the graphic. There are already a few thousand recorded websites that are making use of this, and I'm sure you can expect to start seeing spam show up that uses this exploit very soon. The scariest part is that it effects all versions of Windows.

Luckily, the fix is simple and available at the link I provided above. It's jsut frightening how clever this exploit is.

i know, was just kidding cause at the moment i live in bfe virginia. its just another example of the lack atmosphere @ ms. brought to you by the people that gave me reason to run linux! lol.

jp

the code is bad on windows yet for somereason firefox catches it all you gota do is say no to te dl and my nortan system works 2005 freaks out

so if you have these two measues theres not much to worry about IMO

MS now has a security fix for this as part ofthe Windows Update. It does exactly the same thing as the fix listed above.

that above fix made it where I couldn't see my images unless I opened them in a photoprogram. I turned it off and got the ms update, but it dosn't mess with my image viewing. So it's all good now.

the fix worked fine for me, and I just downloaded about 15 windows updates, so I guess they fixed it too.

(just reformated last week hadn't updated SP2 yet)

EDIT:
actually it kept me from opening Windows Picture and Fax viewer (the sites fix)

That's actually what it shuts off - the MS Picture & Fax Viewer uses the metafile that is flawed, as does IE.

The MS Fix takes care of the problem without shutting down the metafile completely.

Either way, if you get the MS fix, you're good to go.