Microsoft vulnerability

In this bulletin from Microsoft, they publicly address a vulnerability that could possibly allow a program to open another program. If you save a file such as .txt, .rtf, .doc, and open it, then under certain conditions, the file will be open other files and run it. This exploitation could allow attackers to gain access to the users information because if there happened to be a corrupted file on your hard drive, one of the files that could be potentially ran is the corrupted file.

Because most users have automatic updates through Microsoft, this takes care of most of the problems. However, those who do not have automatic updates need to check for the updates.

This vulnerability is completely preposterous. How incompetent are Microsoft’s programmers that they are not able to catch something like this before the final program is released to the public? Opening something as simple as a text file should never, under any circumstances, be a vulnerability.

http://technet.microsoft.com/en-us/security/bulletin/ms11-071

Advertisements