What was it you said about Linux being so insecure?
Did you choke on your breakfast when you read this?
A year-old Windows bug affecting the way that DLL (Dynamic Link Library) files are pre-loaded is going to be a big headache for end users trying to eradicate vulnerable software from their systems.
The problem is that while Microsoft can patch Windows, affected programs, which could number hundreds, will need to be patched by the developers who created them.
CNet gives us an indication of the scale of the problem:
Now, the Exploit-db.com exploit database is getting flooded with submissions of applications that people say are vulnerable, including Windows Live Mail, Windows Movie Maker, Microsoft PowerPoint 2010, Office 2007, and non-Microsoft applications like Firefox 3.6.8, Foxit Reader, Wireshark and uTorrent, said Mati Aharoni, founder of security firm Offensive Security, which runs the exploit database.
“Today we broke a record in the Exploit-db with the amount of exploits for various Windows applications submitted in one day…all based on the same vulnerability,” Aharoni said. “Right now it’s in the dozens,” he said, but he expects there will be hundreds of vulnerable applications reported before too long.
There’s a Microsoft security bulletin covering the issue, and a tool to help users prevent exploits, but this is aimed at security administrators.
Hundreds of applications being vulnerable and needing to be patches is going to be a major headache for end users. Not only with the patch and update load increase, but then there’s the added problem of application that are no longer being supported never seeing updates.
My advice is that you should take care. Be especially wary of unsolicited links and documents sent to you by email or other communication channels. Also, keep your security software updated. Another good tool to install might be Secunia’s PSI scanner that will allow worried users to run regular scans to look for vulnerable software, and also help you track down updates.
