[CS-FSLUG] Another Major MS Windows Security Flaw

[Nathan T.]

As I understand it the vulnerability can be spread by more than just
bad web pages, it's a problem with how Windows handles image files so
even e-mails and (as reported on /.) even IM messages including
pictures can allow for easy infection of the host computer simply by
including a malevolent image file.

I've also gotten the impression that Microsoft made it possible for
several formats including this one to have embedded scripts in it,
what purpose besides having something run covertly would there be in
having scripts run invisibly when a user open a file that shouldn't be
executable?

This really begs the question as to who has the worse intentions here,
Microsoft who is building all these backdoors into Windows for who
knows what, or the "hackers" who exploit these backdoors for their own
bad intentions, but at least make such "vulnerabilities" known.

ActiveX embedding in the web browser , script embedding in documents,
pictures, videos and music files, and all without the user ever having
to know something is happening. How is that not leaving the doors
gaping open, and to add on the the existing manure heap, still no good
way to separate privileged users from non privileged ones without
running into annoying bugs due to the hacked in nature of that late
addition to Windows. Too bad my laptop isn't passably supported by
Linux yet :-( .