Microsoft Security Advisory (943521)

Discussion in 'other security issues & news' started by ronjor, Oct 25, 2007.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,721
    Location:
    Texas
    Microsoft
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    It seems that the implementations of URI are too buggy :eek:
    New flaws involving URI handling are discovered on a daily basis (Adobe Reader, Firefox, Quick Time, etc)
    One more reason to disable/whitelist the use of browser plug-ins.
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    Yes, but when it comes to remote code execution exploits, a HIPS will probably block them. I did however see a demo that could kill the Skype tool just by clicking a link, and termination protection won´t help. But I assume that security tools don´t have any URI commands that can shut them down. :rolleyes:
     
  4. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Yes, HIPS do protect against remote code execution, but this is a big hole in Windows.
     
Loading...
Thread Status:
Not open for further replies.