Microsoft has issued four critical security updates that patch at least eight vulnerabilities in the various Windows operating systems and Office programs. If you use either, you'll want to install them sooner rather than later. The most serious of the updates is one patching Microsoft's graphics device interface, the component …
...that they can so comprehensively phuck up the display of _images_
If they can't handle what should be *simple* parsing of image data securely - which has a defined, clear data structure, what the hell are people doing trusting them with an entire operating system for ?!?
Paris, because she'd phuck it too. Not that we'd mind, as long as it was on camera.
It makes you wonder . . .
You gotta wonder how many 'critical' updates Micro$oft can put out. They never seem to stop coming.
My summary: "*yawn* - There. By the way: User level code again, no threat.
Since the original JPEG exploit in gdiplus, I've yawned at this repeatedly.
If you're still surfing the web as "owner" or "administrator" since December 2005, when Three Rings Design crippled their web site in fear over this thing, then you deserve to get infected with whatever malware comes through a GDI exploit.
Fool me once... etc etc
And Dan Goodin needs that hot clue injection. Still. Or maybe a clue intraveinous bottle. Or something.
household-appointed admins will be working overtime
No problems here. Thanks, Canonical.
@ Gordon Fecyk
You've missed the point entirely and with this stance are not really much more secure than before.
Why? Because windows is not secure. At all. Once any kind of software is on your system it's a fairly trivial matter for it to elevate security to a higher level, even if this is only at the next boot of the system. While it is possible to lock down a windows PC, you're always fighting against the inherent problems with the fundamental "design" of a system that splatters an insane mix of data and executables throughout the entire system (quite apart from applications that require OS changes as part of the install). Combine this with the need to keep a system flexible (one of the main advantages of PCs) and you have a system that is impossible to secure without crippling it into uselessness.
@I'm amazed... : Colin Wilson
I agree with you Colin.
How can they completely screw up rendering an image?
Why would the image system want to execute code from within an image?
This household-appointed admin made a "C:>dir gdiplus.dll /s" on a XP Pro laptop and found out that there are 23 files with this name, with different sizes and date stamps. The one in Windows\system32 is *not* the newest. I wonder what the update updated.
@ Colin Wilson
I see you managed to phuck up your image processing - that is definitely not Paris
Dammit, it must be a rendering error - I was booted into Windows when I posted it...