Microsoft Investigating Windows Flaw

H

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Those of you still running Windows 2000 and Windows XP should know that Microsoft is investigating a new moderately critical flaw that could allow malicious code to be executed. Those poor, poor executed codes. Won't someone please think of the codes? :D

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the "UpdateFrameTitleForDocument()" function of the CFrameWnd class in mfc42.dll. This can be exploited to cause a stack-based buffer overflow by passing an overly long title string argument to the affected function. Successful exploitation may allow execution of arbitrary code.
Click to expand...
 
So, if you run a program locally that hacks you, you can be hacked even more. :p Swiss cheese security is full of holes.
 
I used to curse those that ran XP still...and then the beta is now ending and I'm back on XP. I know it's not very much money to upgrade, but I just can't justify spending money on it ATM
 
I don't get it. XP, Visat32/64 and Win732/64 are full of holes that get exploited. They all contain code that can be manipulated/exploited. Anybody can go to the wrong sites and click on everything they see and get infected with nasties that sail on by the AV of choice.

To bad Combofix doesn't work on x64 flavors.

Cheers!
 
willyspuddle said:
I don't get it. XP, Visat32/64 and Win732/64 are full of holes that get exploited. They all contain code that can be manipulated/exploited. Anybody can go to the wrong sites and click on everything they see and get infected with nasties that sail on by the AV of choice.

To bad Combofix doesn't work on x64 flavors.

Cheers!
Click to expand...

VASTLY overstating the problem.
 
And to think they're deploying brand new machines running xp at my work.... /sigh
 
Shouldn't they just fix it, and then tell people?

I mean lets not give those leet hackers any ideas...
 
who the hell figures this out? Why do hackers want to be so malicious? Knock that crap off guys! It's one thing if it's keylogging you or phishing and they can get some benefit... but if it's there just to mess up your drive... what good does that do?
 
colinstu said:
who the hell figures this out? Why do hackers want to be so malicious?
Click to expand...

Reading between the lines in the report, it sounds to me like the PowerZip developers stumbled upon it and investigated on their own. They likely then reported it to Microsoft, and when they were ignored, published it.

Not everyone has malicious intent. Some folks just want to see these bugs fixed.
 
Ah another hole in the security of Win XP/2000, there's a surprise, maybe if M$ had a tighter leash on their internal computer security and never allowed the source code to get leaked, it might have been a different story.
 
OS that is more then a decade old. come on, jst die, no one cares.

I'll take it out back right now with a shotgun.
 
ZenOps said:
Looong live XP. Its still a great gaming platform IMO.
Click to expand...
+1

And it's not so bad anyway if you've spent many years fine-tuning and tweaking it yourself for maximized responsiveness and performance. :)
 
"which can be exploited by malicious people" lol ...yeah you gotta watch out for those malicious people.
 
Cheetoz said:
Like the Microsoft-Spurned Researcher Collective.
Click to expand...
Yes, they're angry because Microsoft yelled at a developer who released exploit code without realizing or acknowledging that the issue was a lot tougher to fix than he thought and that his "fix" didn't work. Real professionals, there.
 
You must log in or register to reply here.
Back
Top