
security risk in jpegs FFS!

Old Sep 15, 2004 | 09:39 AM
  #1  
GaryK
Thread Starter
Scooby Regular
 
Joined: Sep 1999
Posts: 4,037
Likes: 0
From: Bedfordshire

As per title: http://news.zdnet.co.uk/0,39020330,39166677,00.htm Completely unbelievable, M$ need to pull their heads out of their *****!
Reply
Old Sep 15, 2004 | 10:08 AM
  #2  
Iain Young
Scooby Regular
 
Joined: Sep 1999
Posts: 6,956
Likes: 0
From: Swindon, Wiltshire Xbox Gamertag: Gutgouger

So what. A bug has been found, and they've already fixed it. As long as you keep your machine up to date, you shouldn't have a problem.
Reply
Old Sep 15, 2004 | 07:12 PM
  #3  
angrynorth
Scooby Regular
 
Joined: Oct 2004
Posts: 2,689
Likes: 0
From: Was Manc now Camden

...and for the millions of people who don't read tech news and don't update their systems, what do they do other than be susceptible to this flaw?
Reply
Old Sep 15, 2004 | 07:30 PM
  #4  
ChrisB
Moderator
 
Joined: Dec 1998
Posts: 23,573
Likes: 0
From: Staffs

Originally Posted by Iain Young
So what. A bug has been found, and they've already fixed it. As long as you keep your machine up to date, you shouldn't have a problem.
It's not that simple.

You need to visit Windows Update and Office Update to start with. The Office XP patch needs Office XP SP3 to start with.

However, the DLL in question (GDIPlus.dll) can also be shipped with 3rd party applications for JPEG 'display' (to put it simply). How do you know which application is patched? Which application uses which DLL?

MS have previously advised developers to install the .DLL into their Program Folder and not %SystemRoot%. Best start searching your whole PC for it.

I know of cases of the scan tool telling a user the PC is vulnerable but Windows Update and Office Update not offering the patch.

Nothing in the wild yet but...
Reply
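Added example, not part of any post in this thread: a Python sketch of the whole-disk search for GDIPlus.dll that post #4 describes. It finds every copy under a directory tree, reads each file version by scanning for the VS_FIXEDFILEINFO signature (a heuristic, not a full resource parse), and lists copies whose version is unknown or below a minimum that you supply from the vendor bulletin; the function names are hypothetical.

```python
import hashlib
import os
import struct
import sys

# VS_FIXEDFILEINFO begins with this DWORD; the file version follows 8 bytes later.
FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)

def file_version(data):
    """Return (major, minor, build, revision) from the version resource, or None."""
    pos = data.find(FFI_SIGNATURE)
    if pos < 0 or pos + 16 > len(data):
        return None
    _sig, _struct_ver, ms, ls = struct.unpack_from("<4I", data, pos)
    return (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)

def find_copies(root, name="gdiplus.dll"):
    """Walk root and return [(path, version, sha256)] for every copy of name."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() != name:  # Windows file names are case-insensitive
                continue
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                found.append((path, None, None))  # unreadable: review by hand
                continue
            digest = hashlib.sha256(data).hexdigest()
            found.append((path, file_version(data), digest))
    return sorted(found)

def needs_review(copies, minimum):
    """Paths whose version is unknown or lower than minimum (a 4-tuple)."""
    return [path for path, version, _digest in copies
            if version is None or version < minimum]

if __name__ == "__main__":
    # Usage: script.py <root> <a.b.c.d>; take the minimum from the vendor bulletin.
    root, minimum = sys.argv[1], tuple(int(p) for p in sys.argv[2].split("."))
    copies = find_copies(root)
    for path, version, digest in copies:
        print(path, version, digest)
    print("review:", needs_review(copies, minimum))
```

The SHA-256 column groups identical builds, so copies bundled by different applications can be matched against a copy already known to be patched.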
Old Sep 15, 2004 | 08:58 PM
  #5  
SJ_Skyline
Scooby Senior
 
Joined: Apr 2002
Posts: 21,922
Likes: 2
From: Limbo

IIRC Jpegs have a thumbnail of themselves included in their encoding. I guess that this exploit is something to do with this and the preview pane in explorer?
Reply
Old Sep 15, 2004 | 09:44 PM
  #6  
CTR
Scooby Regular
 
Joined: Jun 2002
Posts: 348
Likes: 0

Just a couple of questions.

How many people here write code?
If you do, how many people write code for a product that has as many lines of code in it as Windows and associated applications has in it?
So that will be none then
Just in case there are any people left, how many people write code for a product where thousands if not millions of people actively look for security flaws in it?
So that will definitely be zero then

All the people who answered yes to the first question, can I buy your software with a guarantee of zero bugs, and zero security flaws? Thought not

Patch has been released, it's up to people to keep their compooters patched properly.

Wasn't some other browser, think it was called Opera, having its praises sung on here, only for a load of security flaws to be found in it
Reply
Old Sep 16, 2004 | 10:18 AM
  #7  
JackClark
Scooby Senior
 
Joined: Dec 2000
Posts: 20,896
Likes: 53
From: Overdosed on LCD

I'm with you CTR. This style of MS bashing is a bit like complaining to your builder because a burglar managed to break into your house.
Reply
All times are GMT +1.