…along with this week’s latest Windows security patch. Don’t know what it fixes and improves specifically , but it says security and performance enhancements. Hopefully it will unbreak some of things 9.0a broke.
The security fix is pretty serious. A specially malformed MIDI file can execute one of two buffer overruns and allow someone to execute code on your system. Basically a vector for zombie progams which lets the haX0rs use your system to spam or Denial of Service everyone in the world.
You can get the MIDI file through a web page, network share, or embedded in an html email. Of course the last time I ran a MIDI file was back in '89 but there you go.
Here’s the everyman advisory:
http://microsoft.com/security/security_bulletins/ms03-030.asp
Here’s the technical details:
FWIW the automatic updates built into XP is a pretty resonable utility. Set it up so it automatically donwloads, but you have to approve the installs so you download in the background (only using idle bandwidth) and you can not approve the install if the patch is bad or has side effects.
Please practice safe computing and update regularily.
The Public Service Announcement was brought to you by the letter “R”.
My GOD these little HaX0r shits have a lot of time on their hands to figure THAT one out.
Me, I’d kill for another hour a week to read a book.
Actually it was found by some of the “good” guys at http://www.eeye.com not too sure the HaX0rs have it figured out.
No exploits in the wild (yet). But give them time. All it takes is one smart person to to wrap up all their intelligence and cleverness in a script or exe and thousands upon thousands of script kiddies are rampaging all over the net. Or you automate it with a worm and it rampages all on it’s own.