OT: Serious Windows & Adobe Security Flaw

Edi · #1 October 27th, 2007, 05:08 PM

I've posted this same in a couple of other forums I frequent, so I decided to do the same here. Since I need to deal with fallout from crap like this at work, might as well spread the word and help the Dom3 community avoid the problem.

http://www.theregister.co.uk/2007/10...o_fix_windows/

Basically, there's a serious new vulnerability related to Windows handling 3rd party programs, another big one in Adobe and it's often triggered by malicious PDFs. Patch your Adobe Reader to v8.1.1 and be on your toes after that. Even then, you might get hosed. Machines that get infected by the Adobe PDF vulnerability or through the Windows one tend to become spam servers spewing out maliciously constructed PDFs to spread the infection.

Just so you have a heads up on this, it's very recent, but I've already run into one case at work. If it doesn't get patched soon, it'll get worse.

Another thing regarding the malware (type unknown) I encountered: It has at least some anti-AV capabilities, since it was able to evade detection by F-Secure software except indirectly and could apparently interfere with the scanning process and abort it prematurely. That kind of crap is a real ***** and half and then some to root out of a machine and you generally need at least half a dozen different programs to make sure. Most often it's easiest to nuke the site from orbit and do a complete reinstall, which is at least as much of a hassle if you need to do extensive data backups first. I don't know what other big name AV software besides F-Secure might be affected, but Norton would be one good candidate, so would CA, Panda, TrendMicro and other significant security software vendors.

lch · #2 October 27th, 2007, 05:13 PM

Alternatively, uninstall Windows.

(come on, somebody HAD to do it!)

Evil Dave · #3 October 27th, 2007, 05:58 PM

Ich beat me to it: "serious vulnerability in Windows" is not news.

[img]/threads/images/Graemlins/MacLogo.gif[/img]

Autochthon · #4 October 27th, 2007, 06:39 PM

Quote:

lch said:
Alternatively, uninstall Windows.

(come on, somebody HAD to do it!)

I would, but the withdrawal pains would mess me up pretty badly

Hopefully, with WinDoze being so widespread, someone will figure out a fix before this gets out of hand.

Tuidjy · #5 October 28th, 2007, 12:08 AM

I found this on a PC at my workplace as well, less than 8 hours ago. I went with a
full wipe (easy when all your desktops are not much more than dumb terminals) What
really pisses me off is that the vulnerability is due to a problem with Explorer7,
which the user installed against company policy... but given that she is one of
the owners, she gets to keep her administrator account. On the other hand, I'm
testing whether she will notice that I forgot to add it to the administrator group.

If you have to have Windows, just make sure that you do not upgrade Explorer beyond
six unless an application you need requires it. There is a patch for Adobe, but
the vulnerability exists in a number of other applications, because it is a
problem of Microsoft's, not one of the third parties.

Lord_Bob · #6 October 28th, 2007, 01:07 PM

One of the good things about people being forced to upgrade, but no actual improvements happening is that you can use the old stuff, like Windows 2000, and you don't have any bug problems. It's really irritating actually that QuatroPro hasn't got any better since Fast Hand's Bill stole it and renamed it "Excel". But that's pretty much Bill Gate's entire carreer. Look up "Gary Kildall" to see what I mean.

Hadrian_II · #7 October 28th, 2007, 03:32 PM

Is this not the same bug that made problems with firefox before and microsoft did say that there is nothing wrong with their software?

things like that dont happen on linux
SCNR