Friday, November 13, 2009

This couldn't wait...

Heads up to all Microsoft Windows users: If you’re running Windows 2000, Windows XP or Windows Server 2003, stop what you’re doing and immediately download and apply the MS09-065 update released earlier this week.

Security researchers say it’s only a matter of time — days not weeks — before malicious hackers start exploiting one of the vulnerabilities via booby-trapped Web pages or Office (Word or PowerPoint) documents.

The specific vulnerability — in the font parsing subsystem of the win32.sys driver — provides an entry point for hackers to take complete control of an unpatched machine without any user action beyond normal browsing or opening a rigged document file.

A proof-of-concept exploit has already been fitted into the Metasploit point-and-click tool. According to Metasploit’s HD Moore, the code triggers a BSoD (blue screen of death) from a Web page. With some modifications, Moore expects to get reliable code execution very soon.

Microsoft’s MS09-065 bulletin says an exploit was already publicly available before the update was ready on Patch Tuesday (perhaps this one released since August?), meaning that malware authors have gotten a long head start researching entry points for attacks.

Please keep a few things in mind.
1. You are responsible for patching and defending your computer.
2. Beware who you trust. Even I am just some guy you met on the internet.
3. If you have technical questions feel free to send me an email at krippledwarrior[at]


NicNacManiac said...

Hey there,
Thanks for stopping by and taking the time to make such thoughtful comments, you do brighten my day and now you are helping to protect me!! You are a true warrior!!
Have some fun this evening!! xOxO

Edie said...

Just like I said, protection is what you get from a military, Christian biker type. :) Thanks for keeping us covered my friend.

Hey there's a motorcycle in your header! I think someone has been messing with your computer. :o



But I have Vista so I could not use them right?