FYI

Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft

 

How soon should hardware be obsoleted by the OS? 1 year? 2 year?

 

2 weeks :golfclap:

 

I have the other perspective how long should it take to have software that finally utilizes the hardware? 1 year 2 years?

I was pissed by microsoft draggin their feet and even more so by hardware manufacturers not bringing 64-bit drivers to market quick enough. Or intel finally getting a 64-bit processor after AMD. How are we ever going to move forward if everyone keeps dragging their feet?

 

Do you seriously have any idea why people would NEED 64-bit support? Just curious.





Sure, I'd buy it for my next build but, most people are not going to benefit from it.

 

I still think thats a pretty good response time. Yes it stinks that this hole was there, its been there for a long time and only recently (after Microsoft basically told everyone that it was there ) did anyon attempt to exploit it.

 

Exactly! I have no reason/desire to. Not as long as the internets are run on better/higher performing/more scalable/more stable/more open alternatives.

 

So... your posts more or less made sense up till here (or at least up until this one, I couldn't outright say they were baseless, not being too familiar with DEP etc).

But how would you suggest configuring such a firewall? You'd have to write a firewall that understand the HTTP protocol, and knows to block when your machine requests a WMF file. Then of course, someone could make you download via FTP, so your firewall would need to understand that too.

But what if it comes as an e-mail attachment?

Is your firewall supposed to inspect every byte in every packet that comes into your computer, searching for what resembles a WMF file header?

I just can't see such a solution working.

And in all honesty, while I'm not sure about the DEP solution, I'm not even sure if that'll work. I haven't seen any information that suggests that this is a buffer overrun type problem yet. Did you try enabling DEP and clicking on Jason's link btw?

 

It is possible for a firewall to understand HTTP, FTP(This is actually very useful), SMTP, etc, etc. It just takes more processing power. Then again, the data may be encrypted...

I would not call this a solution though. Only a workaround like the steps I posted for disabling the DLL. You are sacrificing part of the product's functionality. It would be like Honda saying not to rev the S2000 > 6,000 rpms to prevent a scorched #1 cylinder. Sure, it may prevent the problem. But that would also be a workaround and not a solution. A solution lets you use the product as it is intended while fixing the defect.

 

anything that prevents the problem from occurring could be considered a "solution." I wouldn't call your disabling a "fix," either. A better one would be right-clicking on a .wmf file, selecting "Open With," and "Choose Program." Select Notepad, make sure "Always use..." is checked, and click OK. All *.wmf files will now open with Notepad, unless you open them with an image program explicitly. Another fix would be to delete all emails with attachments unless you know exactly what the attachment is, the sender, why they sent it, and were expecting it. Basically, the same guidelines for handling email attachments in general.

The sky isn't falling, and yet another exploit for Windows via email attachments is hardly cause for concern. Hell, the default setting on Outlook restricts attachments, so if you can't be bothered to change even a single setting, you won't be getting attachments as it is.