potential major explooit in ALL versions of windows

Hescominsoon

Hescominsoon

CGA\TOJ Hosting Manager
http://www.emmanuelcomputerconsulting.com/archives/2421

here's the meat of my post(the rest is on my website):

This one has the potential to be very very bad. I have so many websites I am linked to on this one I can't make a coherent written post about it. What I am going to do is put some of the links below. I am going to record a podcast tonight about this and have it posted in the next 24 hours. While the threat right now is low the potential for this one to explode is very very high. I do not get concerned about Windows exploits very often..this one has the very real potential to be on the scale of sasser, code red, or conficker. ECC is gearing up for this to be a widespread event and I am hoping it fizzles(which is dependent on a timely patch from Microsoft.) the following operating sytems will NOT get a ptach from Microsoft:

windows 2000(all versionsw)

Windows XP below SP3(this includes XP 64-bit which is now end of life..no support)

Windows Vista RTM(all versions). Vista SP1 is still supported until July 12 2011. You really should upgrade to SP2 of Vista.
 
So... don't open any e-mail attachments or look at bad websites and we'll be safe?

/1997
 
Keero said:
So... don't open any e-mail attachments or look at bad websites and we'll be safe?

/1997
Click to expand...

Until i get my podcast done all i can say is no. If you go to my site and read some of the links i think you'll be able to see the potential scale. Right now it's not time to panic which is why i put in the word potential. i really hope this one fizzles..otherwise IT folks are going to be very very busy..:)
 
K, so don't allow anyone to put a USB into my computer and have me view the .lnk file. Got it. :)
 
RyanB said:
Don't copy that floppy!
Click to expand...
Oh man.
a_winner_is_you.jpg


In case anyone else missed it... http://www.youtube.com/watch?v=up863eQKGUI
 
Kendrik said:
Oh man.
a_winner_is_you.jpg


In case anyone else missed it... http://www.youtube.com/watch?v=up863eQKGUI
Click to expand...

Wow, just wow. I just had one of those flashing "you're the 1 millionth visitor!" popups on another site. I thought to myself, "it would be so much funnier if it said 'a winner is you'. I might actually click on one". And then I come here, seeing a pro-wrestling screen clip harkening me back to the days of my childhood. Ah, sweet childhood.
cgdoc519 said:
I hope! Ubuntu FTW! But what makes you say that?
Click to expand...

Because people have said that every year since the 90s.
 
Last edited:
[gfc#6]suicidebomber;388163 said:
ANY lnk file is able to be exploited. the usb vector was the one that was discovered first.
Click to expand...

Right, the problem is that a .lnk files will link ONLY to an exe on your system. This is not something you can accidentally run by visiting a web page. So for this to be a vulnerability, that means you have to A) run this .lnk file (which does NOT happen through internet explorer as far as i know) and B) already have a malicious exe file on your system. So the only forseeable threat here is from an infected USB drive which would itself already require access.

In other words, if someone gets this virus, it's because you were already compromised. No need for panic, because there's nothing to see here.
 
Elader Arkon said:
And will probably keep saying it for at least the next five years or so, at which point it will either come true or they'll give up saying it. :D
Click to expand...
Never give up. Never surrender. Never let hope die.

The Year of the Penguin is at hand! PLZBLV!
 
Wanted to add on the topic...is there anything I'm missing as to how this could/couldn't be executed as a vulnerability?
 
You must log in or register to reply here.
Back
Top