Thursday, August 19, 2010

Microsoft "zero-day" vulnerability could affect most third-party apps

Greg Keizer has reported, on Computerworld, a “zero-day” Microsoft vulnerability that he says he had noticed affected over 40 applications (when he was gumshoeing a shortcut problem) but now says it could be many more.

Each application would have to be patched separately, or else a patch for developers could be issued, instead of some massive update for home users which could break some applications.  Apparently the vulnerability applies to XP, Vista and 7.

The link for the story is here.

The problem was reported by Mitja Kolsek, CEO of Acros Security in Slovenia.

Users might be able to reduce vulnerability by closing some ports.

The problem has to do with the way some execution elements are linked, comparable to the “controversy” in mainframe IBM programming between dynamic and static link decks.

No comments: