Hacker News new | past | comments | ask | show | jobs | submit login
Flaw found that affects every Windows machine (itnews.com.au)
30 points by damncabbage on Jan 30, 2011 | hide | past | favorite | 12 comments



Temporarily plug the security hole (courtesy of Microsoft Support):

http://support.microsoft.com/kb/2501696


Fix it for me tool is just great. Sure, a real patch would be better, but being able to quickly (and w/o lots of tinkering) be able to apply and undo workarounds is extremely nice.

It certainly makes the being the "IT guy" for a lot of family/friend machines a LOT easier.


The page here:

http://blogs.technet.com/b/srd/

shows you how to check if you're vulnerable. I couldn't persuade Chrome to navigate to an mhtml protocol page from the address bar, so embedded a link in a web page to the sample file they gave. Chrome downloads the .mht, clicking opens in IE, which pops up a message box unless you've run the Fix It.


With the disappearance of milw0rm.com I don't know where to find exploit code anymore, and the MS security advisory is predictably lacking depth. It looks like it's a way to get an image interpreted as javascript, but it'd be nice to know how it's actually done.


FYI: Opera is totally safe about this issue.


As far as I know, only Internet Explorer handles MHTML files, so if you use a different browser, this problem shouldn't affect you. Firefox, for example, treats them as text files.


Oh, funny. I thought the flaw would have been that they're running Windows.

flamesuit on, ready for downvotes


I used to suffer from this. I still do, only to a lesser extent. My parents suffer from this horribly.

University taught me that, when 95% of the people you know use windows (and constantly try to get you to use windows, might I add), having this windows-hating syndrome just means you're not going to have any friends.

So, while I'm not a fan of windows, and I won't use windows, I don't make snide comments about windows being completely inferior to my choice.


While I don't condone the comment, let's be fair: This person didn't say that Windows was inferior to his choice, he merely implied that Windows was so badly broken that to run it at all is to be vulnerable.

While such a comment isn't particularly constructive in this context, it is different in tone from saying that it's inferior to some choice he has made. For all we know, the person making the comment is required by his job to use Windows and is expressing frustration as a user.


I think he said it as a joke. Possibly sarcastically alluding to the standard quips made at Microsoft's expense.

So, in other words, I don't really think the poster implied anything at all in his comment. He was downvoted for cracking bad jokes on HN, not for making a poor argument.


It's also the sort of comment best left for Slashdot.


Along with "$" replacing the "S" in MS.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: