“The first new vulnerability affecting Internet Explorer on Windows XP with SP2 has been discovered,” John Leyden reports for The Register. “The vulnerability allows malicious websites to place an executable file in a user’s start-up folder when a user drags or clicks on a program masqueraded as an image. http-equiv of malware.com, a so-called White Hat hacker, has posted a sample exploit which demonstrates security weaknesses in the drag and drop function of IE that give rise to the exploit. Even though this demo depends on the user performing a drag and drop event, it might be rewritten so a user need only perform a single click on an image instead, according to security firm Secunia.”
Full article here.
MacDailyNews Take: For our struggling Windows-only friends, if you are interested in information about smoothly adding a safe, secure, elegant, and reliable Mac OS X machine to your computing arsenal, please click here.
I’m surprised it took so long.
Haha.
It’s Windows…. do people actually think that this SP would fix anything or patch any holes without giving way to new ones?
What does MicroSoft use to patch its holes – screening?
Chicken wire, Mr. Bill, chicken wire. I’m sure of it.
Insecurity at the speed of light.
A statement from her Highest Majesty Elizabeth II, Queen Of England
I hereby declare that I have switched to Apple Macintosh and by this advise all of my subjects to follow my step.
Microsoft has been nothing but a waste of time and energy over the years.
For this reason, Buckingham Palace and Windsor Castle will now be using Apple product only.
Her Majesty Queen of England.
EII
A security measure to Microsoft would be to install a screen door on a submarine…
Not to defend M$, but this article DOES quote Secunia, which lessens its credibility. Recall that they’re the ones who made such a big deal about OS X’s ‘virus’.
Mr. ‘White Hat’ hacker is doing more harm than good, IMO, since it will take M$ months or even years to patch this patch that patches the last patch. And in that period of incompetence, hundreds of thousands of XP boxes will be hit with this exploit.
umm…. didn’t the Queen of England give Knighthood status to Bill Gates? I do believe so. I don’t see her switching any time soon.
In my experience, Macs are very popular with queens…
I agree with rogozhin on this one. Secunia will claim that it’s a security concern if you let the root user use a rm -r.
I have never seen a Windows user drag n’drop. It’s all mouse clicks and clicking but never dragging and dropping when it comes to locating a file. It’s always the Windows explorer. bleah!
“The first new vulnerability affecting Internet Explorer on Windows XP with SP2 has been discovered,”
Haahhahahahahahahahahahahahahahahahahah
Screw you Winblows users, dumb asses.
Yeah, Secunia’s paranoiac sense of self importance can be more disturbing than the issues they report.
Btw, is SP2 generally released yet? Hasn’t shown up under Windows Update on my wife’s PC.
Screw you Winblows users, dumb asses.
My brother uses Windows and he’s no “dumb ass”. That label is more fitting to someone shallow enough to make such a ridiculously foolish generalization.
Ever wonder why you’re short on friends?
The article above is an elegant footnote to Bill Gates’ statement:
http://www.forbes.com/facesinthenews/2004/08/20/0820autofacescan01.html?partner=yahoo&referrer;=
sjk
shut up dummy
Windows service packs are like screen doors on a submarine: Slows the flow in, but not in any way worth mentioning.
Only one reason to use Exploder — a love of pain.
sjk: unless you use XP Home you get no update. SP2 for XP Pro has been blocked. Something fishy at the very last moment.
Unfortunately SP2 is not a cure, that is bug fixes. SP2 changes the way XP internally uses and exchange data among OS components. That is why so many programs – Microsoft own as well – are broken. The bugs are still there but it is more difficult to get at them, incidentally this breaks the paths reg and legit programs used in order to interoperate.
SP2 is no bug fix, is lots of dust under the carpet and then call out “CLEAN” .
XP+SP2 ? Still the old dirty smelly OS, only with a cleaner Tshirt on but no one at Redmond took a shower yet.
Thanks, Seahawk. Hmm, it runs the preinstalled XP Home so I dunno what the deal is with SP2. Figured I’d install just to see what the fuss is. No risk since the system’s been unused since my wife switched to my iBook last month.
sjk – My XP machine got “notified” last night. I have not intalled it yet.
The Network Admin at my work did update his kids PC’s last night, and said he saw no problems yet. He has a home network and did have to make some adjustments to XP’s IFC
What’s all this crap about SP2. You Macinfluff users are all idiots. If you know what you are doing, XP is great!!!
Don’t get me wrong, there are plent of idiots on Windows, as there are in all walks of life. But the percentage is much lower with PC users. Want proof? You bought an overpriced toy, and you read MDN.
Nufsaid.