Microsoft confirms code execution bug in Windows
Microsoft has confirmed reports that several versions of Windows are vulnerable to exploits that allow remote attackers to take full control of users' computers using booby-trapped emails and websites.
In an advisory issued Tuesday, Microsoft said it was investigating “new public reports” of vulnerability in the XP, Server 2003, Vista, and Server 2008 versions of Windows. In fact, the first known report of the bug in the way those operating systems process thumbnail images came on December 15 at a security conference in South Korea. On Tuesday, exploit code was added to the Metasploit software framework for hackers.
“This is a remote code execution vulnerability,” the Microsoft advisory stated. “An attacker who successfully exploited this vulnerability could take complete control of an affected system.”
The flaw resides in the Windows Graphics Rendering Engine and can be exploited when victims view a specially manipulated thumbnails on network-shared folders or drives or in online WebDAV-shared folders. It can also be targeted when email users open or preview Microsoft Word or PowerPoint files that contain the doctored images.
Ahahaha... ej, thumbnail i remote code execution... Pa ono, tako im i treba kada su pustili pavijane i babune da vam pisu kod a CEO im je prodavac magle... Samo neka oni rade na novim frameworcima, cloud-u i ostalim glupostima, a za to vreme im OS rusi "booby-trapped" ikona...
Sign of times...
Zamislite tek neki sudski slucaj... uhvacen h4xor i tuzilac (drzava) cita "Onda je optuzeni uradio zlo delo: uneo je NEGATIVNI INDEKS boje u ikoni, sto je izazvalo eskalaciju privilegija... trazimo najstrozu kaznu za taj cin!" hahaha nadrealno :)
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey