"(At least Microsoft are going out of their way to correct this problem though.)"
They're going out of their way only because they sat on their behinds on this bug. This bug could've been patched in any of the Jan, Feb, or March updates, and there would've been no need for a rushed out-of-cycle patch. Atrocious decision making.
Edited 2007-04-02 22:53
>> However this has to be, by far, the funniest
>> security threat I've heard to date!
Oh I don't know... the .jpg buffer overflow that affected EVERY operating system that used the reference code - meaning Linux, MacOS and Windows - was a bit funnier IMHO.
I suspect this is something similar, where a programmer got lazy and didn't bother with range checking. I'm often amazed at how often programmers will try to save a few clocks by not bothering with making sure memory accesses don't go out of the expected range, especially on image decoders.

I know any OS, with as wide a target base and as many lines of code as Windows does, is vulnerable to attack. However this has to be, by far, the funniest security threat I've heard to date!
(At least Microsoft are going out of their way to correct this problem though.)
Edited 2007-04-02 22:04