Microsoft Confirms Zero-Day Hours After Exploit 53
CWmike writes "Microsoft confirmed on Tuesday an unpatched vulnerability in Windows just hours after a hacking toolkit published an exploit for the bug. A patch is under construction, but Microsoft does not plan to issue an emergency update to fix the flaw. The bug was first discussed Dec. 15 at a South Korean security conference, but got more attention Tuesday when the open-source Metasploit penetration tool posted an exploit module crafted by researcher Joshua Drake. Metasploit says successful attacks are capable of compromising victimized PCs, then introducing malware to the machines to pillage them for information or enlist them in a criminal botnet."
Would it kill you to link to the Microsoft article (Score:5, Informative)
Re:Bashfest (Score:5, Informative)
Oh wait, this is a NEW bug. Not the one noted above. Silly me.
Re:Bashfest (Score:4, Informative)
Non-Affected Software (Score:5, Informative)
Non-Affected Software
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
Re:Non-Affected Software (Score:4, Informative)
Did you miss the part about this affecting OSes that are't yet EOLed (but will be in the next year or so)?