SoylentNews is people
SoylentNews
El Reg reports
Microsoft has patched 25 software vulnerabilities--including bugs that allow hackers to hijack PCs via Internet Explorer, Word and Excel files, and Visual Basic scripts.
Microsoft said its December's edition of Patch Tuesday includes critical fixes for Windows, Office and Internet Explorer as well as a patch for Exchange.
MS14-80: Addresses 14 security flaws in Internet Explorer, including various remote-code execution vulnerabilities and an ASLR bypass. The patch is considered a low risk for Windows Server systems, but critical for desktops, laptops and tablets. All the flaws were privately reported, and credit was given to various independent researchers as well as the HP Zero Day Initiative, Qihoo 360 and VeriSign iDefense Labs.
MS14-81: Two vulnerabilities in Word and Office Web Apps that allow an attacker to remotely execute code on targeted systems if the victims open booby-trapped documents. This update also applies to users running Office for Mac. Credit was given to Google Project Zero researcher Ben Hawkes, who privately reported the flaws to Microsoft. Rated as Critical.
MS14-84: A remote-code execution vulnerability (CVE-2014-6363) in the Windows VBScript engine can be exploited via a specially crafted webpage. Credit for discovery was given to SkyLined and VeriSign iDefense Labs. Rated as Critical.
The article also mentions Adobe software and Linux. Are any Soylentils running that combination?
(Score: 4, Insightful) by Justin Case on Friday December 12 2014, @12:50AM
It seems obvious, but somehow the teeming masses still don't get it... whoever writes programs that run on your thing gets to control what your thing does. Don't run programs from people you don't trust!
How to distinguish programs from data files?
How to tell whether a random click will "run" something instead of just "opening" it?
How to decide which strangers to trust?
Unsolved problems, all. Computers are still an experimental technology. Who told you they were ready to be relied upon?
(Score: 2) by mcgrew on Friday December 12 2014, @03:40PM
How to distinguish programs from data files?
In *nix, if the "execute" bit is set, it's a program, otherwise it's a file. That's actually one of Windows' biggest security problems, that it detects executables by extension, there are several executable extensions, and what's worse, the extentions are hidden by default, so when you send picture.jpg.exe in an email, most Windows users will only see picture.jpg. Stupidly (or uncaringly) dangerous.
What's worse is that many Windows data files are actually "active content"; you can take over a Windows computer with a wma file, unlike the data-only ogg or mp3.
Carbon, The only element in the known universe to ever gain sentience
(Score: 0) by Anonymous Coward on Friday December 12 2014, @08:52PM
there are several executable extensions
Actually, DOZENS. [googleusercontent.com]
Scroll down past the As a minimum, we recommend blocking the following file types thing. (orig) [governmentsecurity.org]
and what's worse, the [extensions] are hidden by default
In the history of software design, this has to be the most monumentally stupid decision ever.
Of course, MICROS~1 -had- to do this or the dunderheads who continue to use the most-fragile OS could easily alter the extension while renaming one of those files, requiring a call to the Windoze support crew.
gewg_