The number of malicious attacks exploiting an unpatched vulnerability in older versions of Windows has mushroomed over the past week, prompting Microsoft to warn customers to deploy countermeasures until an update is released. Microsoft said on Wednesday that its security team has detected more than 10,000 distinct computers …
They forgot one countermeasure
The one where you wipe windows for ever and replace it with something better.
Amen to that.
The only reason I read articles about windows exploits is to first keep up with the IT world for work, and second to have a good laugh after morning coffee.
Just to point out...
... that by definition, a 0day exploit can't really have been around longer than a day!
Just a reminder
A 0-day exploit is an exploit that has just been discovered and, as a direct consequence, has not yet received a correction or workaround.
Sure, it is best to exploit it on the first day of discovery, but until a patch is out, it is still a valid exploit.
And, with Microsoft, it can be a valid exploit for years.
A moderate approach
Immediate full disclosure can cause problems, as in this case. But companies often need a bit of prodding before they take action. Neither extreme of disclosure is always appropriate. I think the best approach is to initially only notify the software developer, and give them a reasonable amount of time to respond.
If they don't, publicize that the vulnerability exists, but not all the details of how to exploit it. If this still doesn't trigger any action, disclose the full details.
Hopefully, the developer will address the issue promptly. Once a fix has been released, then disclose everything. This will pose a negligible risk to anyone who keeps their systems up-to-date, and still satisfy the principle of openness.
How proud he must be
Is it time for the class action suit yet?
Microsoft or Google?
The latter can always reuse the "rogue engineer" story
Yah, I noticed
Most of them try to be spamming forums!!!
... is that it's all well and good Microsoft saying that they've published an advisory about this and given details of how to work around it (hacking the registry is one of the ways), but the average user who is going to get caught out by this is going to be a home PC user, and how many of those do you know who read the security bulletins?