SillyDog701

Message Centre 3.0

Skip to content

MS confirms zero-day bug, but won't patch it

Microsoft Windows operating system, and software for Windows platform, including QuickTime Player and iTunes for Windows. We also discuss topics about Microsoft Corp.

Moderators: Josh, Don_HH2K, Mandrake

Post a reply

MS confirms zero-day bug, but won't patch it

Postby Antony » Mon 19 Jul, 2010 8:00 am

According to Macworld UK, Microsoft has confirmed a 'shortcut' Windows zero-day bug, but they won't patch the vulnerability for Windows XP SP2 or Windows 2000.

Microsoft on Friday warned that attackers are exploiting a critical unpatched Windows vulnerability using infected USB flash drives.

The bug admission is the first that affects Windows XP Service Pack 2 (SP2) since Microsoft retired the edition from support , researchers said. When Microsoft does fix the flaw, it will not be providing a patch for machines still running XP SP2.

In a security advisory , Microsoft confirmed what other researchers had been saying for almost a month: Hackers have been exploiting a bug in Windows "shortcut" files, the placeholders typically dropped on the desktop or into the Start menu to represent links to actual files or programs.

...

Microsoft said that all still-supported versions of Windows, including Windows XP SP3, Vista, Server 2003, Windows 7, Server 2008 and Server 2008 R2, contain the bug. The betas of Windows 7 SP1 and Server 2008 R2 SP1, which the company released last week, are also at risk.

Windows XP SP2 users must upgrade to XP SP3 to receive a patch for the shortcut flaw when it eventually ships.

Full article: Microsoft confirms 'nasty' Windows zero-day bug (19 July, 2010, Macworld UK)
UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
User avatar
Antony
diamond member
diamond member
 
Posts: 14510
Joined: Tue 18 Jun, 2002 11:36 pm
Location: Sydney, Australia
Top

Re: MS confirms zero-day bug, but won't patch it

Postby DJGM » Mon 19 Jul, 2010 7:45 pm

Simple reason ... as of last Tuesday, both Windows XP SP2 and Windows 2000 are no longer supported
by Microsoft, so they get no more security patches. This is only the first of many they'll miss out on.

Now Windows XP SP2 and Windows 2000 are now officially obsolete, why should Microsoft continue to
provide any patches for them? Anyone still using them as their main OS, need to get their systems
upgraded to at least Windows XP SP3 as soon as possible to remain secure and fully supported.
UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.10) Gecko/20100504 SeaMonkey/2.0.5 (like Firefox/3.5.x)
SeaMonkey = Swiss Army Knife: It's versatile, reliable, and contains useful tools.
Windows Internet Explorer = Old Swiss Cheese: Full of holes, and it stinks!
User avatar
DJGM
diamond member
diamond member
 
Posts: 4572
Joined: Wed 19 Jun, 2002 1:03 pm
Location: Manchester, England, UK
Top
Post a reply

Return to Windows (and Microsoft talk)

Who is online

Registered users: Google [Bot]

Powered by phpBB © phpBB Group
Cheap Web Hosting

support SillyDog701
[SillyDog701 home] [Netscape] [download NS] [MozInfo701] [MacCentre701] [Feedback] [Search] [Sitemap]
All messages posted in this forum do not necessarily represent SillyDog701. This forum is operated by Antony Shen. All rights reserved. Copyright Notice. Privacy Statement.		 get FirefoxMade on a Mac