Only Windows XP SP3 -- that's right, SP3 -- is safe. Hackers are trying to exploit a critical Windows vulnerability just patched on Tuesday, security researchers said this afternoon -- and the only version of Windows not at risk is the unfinished Windows XP Service Pack 3 (SP3). Fortunately, attackers' incompetence means that these initial sorties have been unsuccessful, Symantec Corp. said in a brief warning to customers of its DeepSight threat service. "The DeepSight honeynet has observed in-the-wild exploit attempts targeting a GDI vulnerability patched by Microsoft on April 8, 2008," said Symantec in its alert.
On Tuesday, Microsoft Corp. patched two bugs, both pegged as "critical," in Windows' GDI, or graphics device interface, one of the core components of the operating system. According to Microsoft, every current version of Windows, including the very newest, Vista SP1 and Server 2008, is open to attack. The vulnerabilities can be triggered by malformed WMF (Windows Metafile) or EMF (Enhanced Metafile) image files, Microsoft noted in its accompanying advisory.
News Source: Computer World
On Tuesday, Microsoft Corp. patched two bugs, both pegged as "critical," in Windows' GDI, or graphics device interface, one of the core components of the operating system. According to Microsoft, every current version of Windows, including the very newest, Vista SP1 and Server 2008, is open to attack. The vulnerabilities can be triggered by malformed WMF (Windows Metafile) or EMF (Enhanced Metafile) image files, Microsoft noted in its accompanying advisory.
News Source: Computer World
if it was patched on tuesday, wouldn't all windows versions then be safe, provided you have patched yoru system. while SP3 isn't even released yet, so it can't really take the title of only safe windows release, specially if actual released versions have been patched.
Actually I think he's right. When the patches were released on Tuesday, hackers took note of what was being fixed, and began attacking that specific vulnerability on systems without the patch applied.
I don't think you are reading it at all. "Microsoft's GDI patches can be downloaded and installed via the Microsoft Update and Windows Update services, as well as through Windows Server Update Services." -Taken from Computer World Article
If you're still on SP1, you have much more of an attack surface than this one particular bug.
Very Funny
Very Funny
?
All I want to know is if SP1 is vun. to this attack or not ?
Please do yourself a favor, and install SP3 as soon as it's released on Windows update this month.
Thank You.
Please do yourself a favor, and install SP3 as soon as it's released on Windows update this month.
Humm will do when I free up more than 40MB of space
I'm sure all the extra malware XP SP1 is susceptible to will help you increase a lot more than 40MB of space.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.