Researcher: 40 Windows Apps Affected by Critical Flaw

W

Win7User512

New member
A Texas-based researcher claimed he had discovered that about 40 different Windows apps, including the Windows shell, suffer from a critical vulnerability that could open up users to attacks by hackers. The flaw was originally discovered in iTunes for Windows, and was patched by Apple four months ago with iTunes 9.1.
Click to expand...

Details...
 

My Computer

Computer Manufacturer/Model Number
Dell Inspiron 1520 (Laptop)/ Home (Desktop)
OS
Windows 7 x64 / Same
CPU
Intel Core 2 Duo T7250 / Intel Core i7 930
Motherboard
Intel 945 / Asus P6X58D-E
Memory
4GB / 6GB
Graphics Card(s)
NVIDIA GeForce 8400M GS / ASUS 1GB
Sound Card
Whatever Dell gave me :-( / Onboard
Monitor(s) Displays
15.4" LCD / Crappy CRT
Hard Drives
Seagate 500GB SATA; 7200 RPM / Seagate 1TB SATA; 7200 RPM
PSU
N/A / OCZ Fatal1ty 550W Modular
Case
N/A / Antec 900
Cooling
Air
Mouse
Microsoft Presenter (Bluetooth)
Let me know if I understand that read. Itunes by Apple was made also for Windows and it took Apple a little time to figure out that Windows systems use DLL.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Home made Desktop
OS
Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
CPU
Intel i7-6800K @ 4.3
Motherboard
ASUS X-99 Deluxe II
Memory
Corsair Platinum 16 gig @2400
Graphics Card(s)
EVGA GTX 1070 OC
Monitor(s) Displays
Asus 27" LED LCD/VE278Q
Screen Resolution
1920-1080 or 1280-720 HDMI
Hard Drives
INTEL SSD 730-240 Gb Sata 3.0/
PSU
EVGA Platium 1200W
Case
Phanteks Luxe Tempered Glass 8 fans/ one radiator
Cooling
XSPC/ Water Cooled CPU
Keyboard
Das 4 Professional
Mouse
Logitech M705/MX Anywhere 2-S
Internet Speed
100 mbits
Antivirus
Microsoft Security Essentials/ Malwarebytes Premium 3.0/ SAS
Browser
I.E. 11 default/Firefox/ ISP Time Warner Cable/Spectrum
Other Info
LG BluRay Burner/
Sound system-KLipsch-THX/
Icy Dock ssd Hot Swap bays.

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Desktop PC
OS
Windows 7 / Windows 8.1
CPU
Devils Canyon i7-4790K @ 4.8 GHz ~ 1.33v
Motherboard
Asus Z97 Deluxe
Memory
Corsair Vengeance Pro PC3-19200 DDR3 2400MHz
Graphics Card(s)
EVGA GeForce GTX 980 SuperClocked ACX 2.0
Sound Card
Realtek ALC1150 8 channels
Monitor(s) Displays
BenQ XL2720Z 27"
Screen Resolution
1920 x 1080 @ 144Hz
Hard Drives
SSD1: 512GB Samsung 850 Pro
SSD2: 1TB Samsung 850 EVO
SSD3: 1TB Samsung 850 EVO
HDD: 4TB Western Digital Black
Backup: Western Digital My Book Duo 8TB
PSU
Corsair HX1000i / CyberPower CP1500PFCLCD PFC Sinewave UPS 1
Case
Corsair Graphite 780T
Cooling
Custom single loop liquid; CPU delidded; Aerocool DS Fans
Keyboard
Logitech G710 Cherry MX Blue
Mouse
LogitechG502 Proteus Core
Internet Speed
Download: 119MBs /Upload 39.12MBs via Optimum 101 Ultra
Antivirus
MYOB
Browser
Firefox
Other Info
Cooling: EK-Supremecy MX Waterblock, XSPC AX360 Radiator, Swiftech MCP655 Series 12VDC D5 Pump, EK-RES x3 250 Reservoir, Primochill Ice Intensified Coolant, 11x AerocoolDS fans, Primochill Primoflex Avanced LRT Tubing
wow. Thanks for heads up Win7user512 and BOM.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
ASUS G60-RBBX05
OS
Win7 Home Premium 64x
CPU
Intel Core 2 Duo P7450 / 2.13 GHz (2.29 with Extreme Turbo)
Memory
4 GB PC-6400 Hyundai (2X2) at 800Mhz
Graphics Card(s)
NVIDIA GeForce GTX 260M 1GB DDR3 VRAM
Monitor(s) Displays
16" LED Backlit
Screen Resolution
1366 x 768 on laptop 1600x1050 max res on 22" external mon
Hard Drives
OCZ Agility 3 60GB SSD / 320 GB - Serial ATA-150 - 7200 rpm
PSU
6-cell Lithium ion { lasts 1.5 hours }
Case
ASUS G60 Laptop
Keyboard
Chicklet type back-lit (white light) keyboard
Mouse
Logitech G9 Laser Mouse 3200dpi and 1000 reports per minute
Internet Speed
Comcast 8.60mb/s up - 3.11mb/s down
Antivirus
MSE
Browser
Firefox
Other Info
General mid-budget gaming Comp. Low batterylife - High FrameRates - currently overheating problems :(

2nd Rig: Case: Rosewill BLACKHAWK Gaming ATX Mid Tower Computer Case

Mobo: GIGABYTE GA-990FXA-UD3
CPU: AMD FX-6200 Zambezi 3.8GHz (4.1GHz Turbo)
Heatsink: COOLER MASTER V8 CPU Cooler
RAM: Patriot Viper 3 8GB (2 x 4GB) 240-Pin DDR3 SDRAM 1866 (PC3 15000)
GPU: SAPPHIRE Radeon HD 6850 1GB 2
lol at comments on that page.
 

My Computer

Computer Manufacturer/Model Number
self built
OS
Windows 7 Professional 64-bit
CPU
Intel E8400 3GHz
Motherboard
Intel DX48BT2
Memory
Kingston PC3-10700H 4Gb
Graphics Card(s)
XFX Radeon HD 5850 BlackEd.
Sound Card
Asus Xonar DG
Monitor(s) Displays
2x Samsung SM-T220HD 22"
Screen Resolution
1680x1050 on two monitors
Hard Drives
OCZ Vertex 2 120gb 3.5" (OS)
Seagate Momentus XT 500gb
Samsung F3 1Tb (games)
2x Samsung F1 1Tb
PSU
Thermaltake ToughPower 850w
Case
Thermaltake Armor
Cooling
Scythe Mugen II
Keyboard
Microsoft Comfort Curve USB
Mouse
Razer Diamondback 3G
Internet Speed
8128/443
I dunno, it's almost not any different from saying that All OSes are completely insecure because they all allow people to DL and install programs.

Really, I'm serious. Even if every single other possible hole was fixed in every OS and every app, if you continue to let people individually develop, distribute and DL apps, you will have a GAPING unfixable vulnerabilities (As the mobile app market is finding out in spades right now).

This "trick" isn't really a trick at all, you still need to get the user to do something to "install" the file to start with, the difference between that and getting them to launch any random executable is pretty much nothing.
 

My Computer

Computer Manufacturer/Model Number
Scratch built
OS
Windows 7 x64 Ultimate
CPU
i7 960
Motherboard
Asus P6X58D
Memory
12 Gig Corsair Dominator
Graphics Card(s)
Nvidia 480
Sound Card
Maudio Delta 44 + breakout box
Monitor(s) Displays
Dell UltraSharp U2410 24in and Samsung 21 dual monitors
Screen Resolution
1920x1200 and 1280x1024
Hard Drives
Primary: Intel X-25M G2 160G SSD
Secondary: Segate baracuda 1.0 TB
HDs in AHCI mode.
PSU
Corasair TX850
Case
Cooler Master HAF
Cooling
Corsair H50
Keyboard
Logitech G15 + N52 game pad
Mouse
Logitech MX518
Internet Speed
15kbs down 4.5kbps up
Other Info
WEI 7.6
CPU & RAM 7.6
Graphics 7.9
Hard disk 7.7
Update:

On Monday, Microsoft confirmed reports of unpatched -- or zero-day -- vulnerabilities in a large number of Windows programs, then published a tool it said would block known attacks. At the same time, the company said it would not patch Windows because doing so would cripple existing applications.
Click to expand...

Article...

Another

And another...
 

My Computer

Computer Manufacturer/Model Number
Dell Inspiron 1520 (Laptop)/ Home (Desktop)
OS
Windows 7 x64 / Same
CPU
Intel Core 2 Duo T7250 / Intel Core i7 930
Motherboard
Intel 945 / Asus P6X58D-E
Memory
4GB / 6GB
Graphics Card(s)
NVIDIA GeForce 8400M GS / ASUS 1GB
Sound Card
Whatever Dell gave me :-( / Onboard
Monitor(s) Displays
15.4" LCD / Crappy CRT
Hard Drives
Seagate 500GB SATA; 7200 RPM / Seagate 1TB SATA; 7200 RPM
PSU
N/A / OCZ Fatal1ty 550W Modular
Case
N/A / Antec 900
Cooling
Air
Mouse
Microsoft Presenter (Bluetooth)

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
CPU
Ivy Bridge Core i5 3570K (Delidded)
Motherboard
Asus P8Z77-V LE PLUS
Memory
G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)
Graphics Card(s)
Asus Dual-RX480-O4G
Sound Card
Creative Sound Blaster Z w/5.1 sound system
Monitor(s) Displays
Asus IPS 23"
Screen Resolution
16/9
Hard Drives
Internal:
500Go Sata 6Gb/s (x2)
500Go Sata 3Gb/s (x2)
SSD 60Go Sata 6Gb/s
PSU
In Win C 900W Series 80+ Platinum
Case
Thermaltake Chaser A71
Cooling
Custom Water Cooling Loop
Keyboard
Cooler Master QuickFire XTi
Mouse
Razer Imperator 2012 (4G)
Antivirus
MSE
Browser
IE 11.0.xxx Rtm
Other Info
"Raid0" with Intel Smart Response Technology (HDD/SSD)
That's not a "fix". There is no fix. That will break tons and TONS of existing code... An app can't even look in its own folder for its own shipping DLLs?

Go ahead and look through your programs files folders and look at all the programs that ship and install DLLs in their "CWD". I bet virtually NONE of them fully qualify and hand load their DLLs at runtime. NO ONE does that. The number of exeptions you would have to put in would be enourmous and pretty much make using the global flag pretty useless :/

I am serious when I say that this "abomination" is merely one step away from some reasearcher proclaiming that Windows is hopelessy insecure becuase after you buy it you can be tricked into installing a trojan app. I.e. It's time to stop allowing people to install applications as that is a /serious/ security hole. An elephant in the room so to say. (Not even Apples vetted app store is free from problem programs)

I smell an Onion Article...
 

My Computer

Computer Manufacturer/Model Number
Scratch built
OS
Windows 7 x64 Ultimate
CPU
i7 960
Motherboard
Asus P6X58D
Memory
12 Gig Corsair Dominator
Graphics Card(s)
Nvidia 480
Sound Card
Maudio Delta 44 + breakout box
Monitor(s) Displays
Dell UltraSharp U2410 24in and Samsung 21 dual monitors
Screen Resolution
1920x1200 and 1280x1024
Hard Drives
Primary: Intel X-25M G2 160G SSD
Secondary: Segate baracuda 1.0 TB
HDs in AHCI mode.
PSU
Corasair TX850
Case
Cooler Master HAF
Cooling
Corsair H50
Keyboard
Logitech G15 + N52 game pad
Mouse
Logitech MX518
Internet Speed
15kbs down 4.5kbps up
Other Info
WEI 7.6
CPU & RAM 7.6
Graphics 7.9
Hard disk 7.7
Free upgrade to Win8 for everyone. no more Dll's... no backward compatibility. ? I don't know how they will fix this issue otherwise.

I wonder if MS was already suspecting this and trying to move forward away from it in case anyone found an exploit.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
ASUS G60-RBBX05
OS
Win7 Home Premium 64x
CPU
Intel Core 2 Duo P7450 / 2.13 GHz (2.29 with Extreme Turbo)
Memory
4 GB PC-6400 Hyundai (2X2) at 800Mhz
Graphics Card(s)
NVIDIA GeForce GTX 260M 1GB DDR3 VRAM
Monitor(s) Displays
16" LED Backlit
Screen Resolution
1366 x 768 on laptop 1600x1050 max res on 22" external mon
Hard Drives
OCZ Agility 3 60GB SSD / 320 GB - Serial ATA-150 - 7200 rpm
PSU
6-cell Lithium ion { lasts 1.5 hours }
Case
ASUS G60 Laptop
Keyboard
Chicklet type back-lit (white light) keyboard
Mouse
Logitech G9 Laser Mouse 3200dpi and 1000 reports per minute
Internet Speed
Comcast 8.60mb/s up - 3.11mb/s down
Antivirus
MSE
Browser
Firefox
Other Info
General mid-budget gaming Comp. Low batterylife - High FrameRates - currently overheating problems :(

2nd Rig: Case: Rosewill BLACKHAWK Gaming ATX Mid Tower Computer Case

Mobo: GIGABYTE GA-990FXA-UD3
CPU: AMD FX-6200 Zambezi 3.8GHz (4.1GHz Turbo)
Heatsink: COOLER MASTER V8 CPU Cooler
RAM: Patriot Viper 3 8GB (2 x 4GB) 240-Pin DDR3 SDRAM 1866 (PC3 15000)
GPU: SAPPHIRE Radeon HD 6850 1GB 2

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
CPU
Ivy Bridge Core i5 3570K (Delidded)
Motherboard
Asus P8Z77-V LE PLUS
Memory
G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)
Graphics Card(s)
Asus Dual-RX480-O4G
Sound Card
Creative Sound Blaster Z w/5.1 sound system
Monitor(s) Displays
Asus IPS 23"
Screen Resolution
16/9
Hard Drives
Internal:
500Go Sata 6Gb/s (x2)
500Go Sata 3Gb/s (x2)
SSD 60Go Sata 6Gb/s
PSU
In Win C 900W Series 80+ Platinum
Case
Thermaltake Chaser A71
Cooling
Custom Water Cooling Loop
Keyboard
Cooler Master QuickFire XTi
Mouse
Razer Imperator 2012 (4G)
Antivirus
MSE
Browser
IE 11.0.xxx Rtm
Other Info
"Raid0" with Intel Smart Response Technology (HDD/SSD)
Has anyone tried it on their machine yet?

It looks like it may infact completely disable nearly all third party software on your machine the way I read the billitin. I.e. I don't think this is a patch that just anyone should install. But if someone has a spare machine with some third party software on it (FF, Photoshop etc) thatthey want to sacrefice... would be good to know before spreading this URL around.
 

My Computer

Computer Manufacturer/Model Number
Scratch built
OS
Windows 7 x64 Ultimate
CPU
i7 960
Motherboard
Asus P6X58D
Memory
12 Gig Corsair Dominator
Graphics Card(s)
Nvidia 480
Sound Card
Maudio Delta 44 + breakout box
Monitor(s) Displays
Dell UltraSharp U2410 24in and Samsung 21 dual monitors
Screen Resolution
1920x1200 and 1280x1024
Hard Drives
Primary: Intel X-25M G2 160G SSD
Secondary: Segate baracuda 1.0 TB
HDs in AHCI mode.
PSU
Corasair TX850
Case
Cooler Master HAF
Cooling
Corsair H50
Keyboard
Logitech G15 + N52 game pad
Mouse
Logitech MX518
Internet Speed
15kbs down 4.5kbps up
Other Info
WEI 7.6
CPU & RAM 7.6
Graphics 7.9
Hard disk 7.7
fseal said:
Has anyone tried it on their machine yet?

It looks like it may infact completely disable nearly all third party software on your machine the way I read the billitin. I.e. I don't think this is a patch that just anyone should install. But if someone has a spare machine with some third party software on it (FF, Photoshop etc) thatthey want to sacrefice... would be good to know before spreading this URL around.
Click to expand...

Hi fseal, I did not yet applyed this patch either on a Windows 7 x64, but did the first recommendation by changing the registry setting from the first "Quick Fix" MS bulletin provided in the two places mentionned since two days ago, no big issues at the moment.

I guess the patch will only change the registry settings also.

Got no probs with my apps like PowerDVD9 ultra, IE8, The Gimp x64, Media Maker 8 plus WinLiveMail, most of the MS Apps, etc...

I mean they do oppened like usual and "save as" like usual..

might try soon i saved some stuff of mine this Download package x64.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom Build
OS
Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
CPU
Ivy Bridge Core i5 3570K (Delidded)
Motherboard
Asus P8Z77-V LE PLUS
Memory
G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)
Graphics Card(s)
Asus Dual-RX480-O4G
Sound Card
Creative Sound Blaster Z w/5.1 sound system
Monitor(s) Displays
Asus IPS 23"
Screen Resolution
16/9
Hard Drives
Internal:
500Go Sata 6Gb/s (x2)
500Go Sata 3Gb/s (x2)
SSD 60Go Sata 6Gb/s
PSU
In Win C 900W Series 80+ Platinum
Case
Thermaltake Chaser A71
Cooling
Custom Water Cooling Loop
Keyboard
Cooler Master QuickFire XTi
Mouse
Razer Imperator 2012 (4G)
Antivirus
MSE
Browser
IE 11.0.xxx Rtm
Other Info
"Raid0" with Intel Smart Response Technology (HDD/SSD)
You must log in or register to reply here.
Back
Top