security risk in jpegs FFS!
#1
Scooby Regular
Thread Starter
Join Date: Sep 1999
Location: Bedfordshire
Posts: 4,037
Likes: 0
Received 0 Likes
on
0 Posts
security risk in jpegs FFS!
as per title http://news.zdnet.co.uk/0,39020330,39166677,00.htm completely unbelievable M$ need to pull their heads out of their *****!
#2
Scooby Regular
Join Date: Sep 1999
Location: Swindon, Wiltshire Xbox Gamertag: Gutgouger
Posts: 6,956
Likes: 0
Received 0 Likes
on
0 Posts
So what. A bug has been found, and they've already fixed it. As long as you keep your machine up to date, you shouldn't have a problem.
#3
Scooby Regular
Join Date: Oct 2004
Location: Was Manc now Camden
Posts: 2,689
Likes: 0
Received 0 Likes
on
0 Posts
...and for the millions of people who don't read tech news and don't update their systems, what do they do other than be susceptible to this flaw?
#4
Originally Posted by Iain Young
So what. A bug has been found, and they've already fixed it. As long as you keep your machine up to date, you shouldn't have a problem.
You need to visit Windows Update and Office Update to start with. The Office XP patch needs Office XP SP3 to start with.
However, the DLL in question (GDIPlus.dll) can also be shipped with 3rd party applications for JPEG 'display' (to put it simply). How do you know which application is patched? Which application uses which DLL?
MS have previously advised developers to install the .DLL into their Program Folder and not %SystemRoot%. Best start searching your whole PC for it.
I know of cases of the scan tool telling a user the PC is vulnerable but Windows Update and Office Update not offering the patch.
Nothing in the wild yet but...
#6
Just a couple of questions.
How many people here write code?
If you do, how many people write code for a product that has as many lines as code in it as Windows and associated applications has in it?
So that will be none then
Just in case there are any people left, how many people write code for a product where thousands if not millions of people actively look for security flaws in it?
So that will definately be zero then
All the people who answered yes to the first question, can I buy your software with a guarantee of zero bugs, and zero security flaws. Thought not
Patch has been released, its upto people to keep their compooters patched properly.
Wasnt some other browser think it was called Opera having its praises sung on here, only for a load of security flaws to be found in it
How many people here write code?
If you do, how many people write code for a product that has as many lines as code in it as Windows and associated applications has in it?
So that will be none then
Just in case there are any people left, how many people write code for a product where thousands if not millions of people actively look for security flaws in it?
So that will definately be zero then
All the people who answered yes to the first question, can I buy your software with a guarantee of zero bugs, and zero security flaws. Thought not
Patch has been released, its upto people to keep their compooters patched properly.
Wasnt some other browser think it was called Opera having its praises sung on here, only for a load of security flaws to be found in it
Thread
Thread Starter
Forum
Replies
Last Post