Building simplicidade.org: notes, projects, and occasional rants

Windows zero day exploit

The vast majority of software has bugs. The programs that don't are either too small to do anything useful, or written under rigid rules over many years. We can argue the fine points of this, but software without bugs is rare.

The issue with bugs is not that they exist, it's how long you have to wait until they get fixed.

It seems that we now have active exploits roaming around for the latest Windows bug. Even XP2 is not safe, and basically you just have to browse to a site containing a special image (not Britney, a specially crafted one).

This worries me because a lot of friends and family use Windows. My wife has a small business and uses Windows. So we are in for a ride in the next couple... what? Days? Weeks? Months? Microsoft hasn't acknowledged the bug yet...

Let's hope someone is able to write a Firefox extension to block these pesky images, and make sure your anti-virus is updated, people.

I won't rant about how Macs or UNIX in general are safer from this kind of thing. It's wasted time, really. Security has become some sort of battlefield between OSs (mine is bigger than yours kind-of-thing), and most OSs can be made safe, if you are willing to lose flexibility (an anti-Windows friend of mine would say that if you are willing to lose network connectivity, Windows is pretty safe...). I myself know that I set up my Mac in certain ways because it's more flexible that way, but I lose security. It's a trade-off.

Update: there is a fix for the WMF exploit. I find it amusing that it doesn't come from Microsoft, and predates the (so far missing) acknowledgment from them. There isn't a single mention of this in the Microsoft Security page.

Update 2: Ahh, found the Microsoft Security Advisory 912840. It's not in the Security home page, so this is probably me not understanding where we should look for these things. The wording of the title is amusing: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution. Emphasis mine.