Main Area and Open Discussion > General Software Discussion

Patch for new Critical Windows Flaw (MS07-061)

(1/1)

Ralf Maximus:
As queasy as I get whenever I run Windows Update nowadays, I think I'll do so for this one:

A remote code execution vulnerability exists in the way that the Windows shell handles specially crafted URIs that are passed to it. If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code. Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7. However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003.

--- End quote ---

My understanding is that this flaw has already been exploited in the wild, and has nasty consequences.  Theoretically an evildoer could execute *anything* on a compromised Windows workstation.

Windows NT, 2000, and Vista users: you're safe.

Darwin:
Yeah, I installed this yesterday and so far (Darwin raps his knuckles on his forehead) no problems to report  :D

Carol Haynes:
Ditto

AndyM:
check out

http://www.askwoody.com/newscomments.php?newsid=1763

Darwin:
check out

http://www.askwoody.com/newscomments.php?newsid=1763
-AndyM (November 15, 2007, 12:31 PM)
--- End quote ---

Great. Thanks for alerting us. Thankfully, this isn't an issue for me... but still...

Navigation

[0] Message Index