Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Researcher: 40 Windows Apps Affected by Critical Flaw


19 Aug 2010   #1

Windows 7 x64 / Same
 
 
Researcher: 40 Windows Apps Affected by Critical Flaw

Quote:
A Texas-based researcher claimed he had discovered that about 40 different Windows apps, including the Windows shell, suffer from a critical vulnerability that could open up users to attacks by hackers. The flaw was originally discovered in iTunes for Windows, and was patched by Apple four months ago with iTunes 9.1.
Details...


My System SpecsSystem Spec
.

19 Aug 2010   #2

Windows 7 Pro. 64/SP-1
 
 

Let me know if I understand that read. Itunes by Apple was made also for Windows and it took Apple a little time to figure out that Windows systems use DLL.
My System SpecsSystem Spec
20 Aug 2010   #3

Windows 7 Ultimate x64
 
 

Here is another article from Computerworld that discusses the issue in depth.
My System SpecsSystem Spec
.


20 Aug 2010   #4

Win7 Home Premium 64x
 
 

wow. Thanks for heads up Win7user512 and BOM.
My System SpecsSystem Spec
20 Aug 2010   #5

Windows 7 Professional 64-bit
 
 

lol at comments on that page.
My System SpecsSystem Spec
20 Aug 2010   #6

Windows 7 x64 Ultimate
 
 

I dunno, it's almost not any different from saying that All OSes are completely insecure because they all allow people to DL and install programs.

Really, I'm serious. Even if every single other possible hole was fixed in every OS and every app, if you continue to let people individually develop, distribute and DL apps, you will have a GAPING unfixable vulnerabilities (As the mobile app market is finding out in spades right now).

This "trick" isn't really a trick at all, you still need to get the user to do something to "install" the file to start with, the difference between that and getting them to launch any random executable is pretty much nothing.
My System SpecsSystem Spec
25 Aug 2010   #7

Windows 7 x64 / Same
 
 

Update:

Quote:
On Monday, Microsoft confirmed reports of unpatched -- or zero-day -- vulnerabilities in a large number of Windows programs, then published a tool it said would block known attacks. At the same time, the company said it would not patch Windows because doing so would cripple existing applications.
Article...

Another

And another...
My System SpecsSystem Spec
25 Aug 2010   #8
NoN

Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
 
 

My System SpecsSystem Spec
25 Aug 2010   #9

Windows 7 x64 Ultimate
 
 

That's not a "fix". There is no fix. That will break tons and TONS of existing code... An app can't even look in its own folder for its own shipping DLLs?

Go ahead and look through your programs files folders and look at all the programs that ship and install DLLs in their "CWD". I bet virtually NONE of them fully qualify and hand load their DLLs at runtime. NO ONE does that. The number of exeptions you would have to put in would be enourmous and pretty much make using the global flag pretty useless :/

I am serious when I say that this "abomination" is merely one step away from some reasearcher proclaiming that Windows is hopelessy insecure becuase after you buy it you can be tricked into installing a trojan app. I.e. It's time to stop allowing people to install applications as that is a /serious/ security hole. An elephant in the room so to say. (Not even Apples vetted app store is free from problem programs)

I smell an Onion Article...
My System SpecsSystem Spec
26 Aug 2010   #10

Win7 Home Premium 64x
 
 

Free upgrade to Win8 for everyone. no more Dll's... no backward compatibility. ? I don't know how they will fix this issue otherwise.

I wonder if MS was already suspecting this and trying to move forward away from it in case anyone found an exploit.
My System SpecsSystem Spec
Reply

 Researcher: 40 Windows Apps Affected by Critical Flaw




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 12:07 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33