I will not fix your windows

The MS DirectShow bug is bad enough. I got several malware samples at work. I am glad the generics still detect them. But yesterday Dennis Elser pointed me to this blog, with the results of his research.

This could be a lot worse. Simply said: ATL, a software library written by Microsoft that programmers often include in their own tools, has a security flaw in how it processes data.

Give it a specially crafted file to process and you can remotely control the computer.

Microsoft will release an update soon. It looks like it will fix all issues in Microsoft programs using this library. Programs from other sources that use this buggy library in a specific way (“statically linked”) will still be buggy.

I do not know which programs are vulnerable; if you know some, please tell me.

What exactly can happen:

There could be lots of attacks on different programs users have installed. These programs may not have an update function. To attack these programs the user just has to open a specially crafted file with them, or simply be online; it depends on where these programs get their data from. ICQ clients, ZIP tools, viewers of this, downloaders of that.

And either the programmer of these tools did not create a fixed version, or you do not know about it, because there is no updater for the program.

I expect people to still use vulnerable programs in 2-3 years.

This is the real problem, not the bug itself, which can be fixed with the next Windows update.

It would not have happened with Linux, because there is an updater for all the programs installed.

My promise to my friends:

If you ever ask me to fix your computer and you did not install this specific update, I will not fix your windows.


~ by thorstensick on July 11, 2009.

