Researcher: 40 Windows Apps Affected by Critical Flaw

Page 1 of 2 12 LastLast

    Researcher: 40 Windows Apps Affected by Critical Flaw


    Posted: 19 Aug 2010
    A Texas-based researcher claimed he had discovered that about 40 different Windows apps, including the Windows shell, suffer from a critical vulnerability that could open up users to attacks by hackers. The flaw was originally discovered in iTunes for Windows, and was patched by Apple four months ago with iTunes 9.1.
    Details...
    Posted By: Win7User512
    19 Aug 2010



  1. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #1

    Let me know if I understand that read. Itunes by Apple was made also for Windows and it took Apple a little time to figure out that Windows systems use DLL.
      My Computer


  2. Posts : 196
    Windows 7 / Windows 8.1
       #2

    Here is another article from Computerworld that discusses the issue in depth.
      My Computer


  3. Posts : 3,300
    Win7 Home Premium 64x
       #3

    wow. Thanks for heads up Win7user512 and BOM.
      My Computer


  4. Posts : 4,925
    Windows 7 Professional 64-bit
       #4

    lol at comments on that page.
      My Computer


  5. Posts : 2,528
    Windows 7 x64 Ultimate
       #5

    I dunno, it's almost not any different from saying that All OSes are completely insecure because they all allow people to DL and install programs.

    Really, I'm serious. Even if every single other possible hole was fixed in every OS and every app, if you continue to let people individually develop, distribute and DL apps, you will have a GAPING unfixable vulnerabilities (As the mobile app market is finding out in spades right now).

    This "trick" isn't really a trick at all, you still need to get the user to do something to "install" the file to start with, the difference between that and getting them to launch any random executable is pretty much nothing.
      My Computer


  6. Posts : 1,487
    Windows 7 x64 / Same
    Thread Starter
       #6

    Update:

    On Monday, Microsoft confirmed reports of unpatched -- or zero-day -- vulnerabilities in a large number of Windows programs, then published a tool it said would block known attacks. At the same time, the company said it would not patch Windows because doing so would cripple existing applications.
    Article...

    Another

    And another...
      My Computer


  7. NoN
    Posts : 4,166
    Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
       #7
      My Computer


  8. Posts : 2,528
    Windows 7 x64 Ultimate
       #8

    That's not a "fix". There is no fix. That will break tons and TONS of existing code... An app can't even look in its own folder for its own shipping DLLs?

    Go ahead and look through your programs files folders and look at all the programs that ship and install DLLs in their "CWD". I bet virtually NONE of them fully qualify and hand load their DLLs at runtime. NO ONE does that. The number of exeptions you would have to put in would be enourmous and pretty much make using the global flag pretty useless :/

    I am serious when I say that this "abomination" is merely one step away from some reasearcher proclaiming that Windows is hopelessy insecure becuase after you buy it you can be tricked into installing a trojan app. I.e. It's time to stop allowing people to install applications as that is a /serious/ security hole. An elephant in the room so to say. (Not even Apples vetted app store is free from problem programs)

    I smell an Onion Article...
      My Computer


  9. Posts : 3,300
    Win7 Home Premium 64x
       #9

    Free upgrade to Win8 for everyone. no more Dll's... no backward compatibility. ? I don't know how they will fix this issue otherwise.

    I wonder if MS was already suspecting this and trying to move forward away from it in case anyone found an exploit.
      My Computer


 
Page 1 of 2 12 LastLast

Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 05:31.
Find Us