Tuesday, January 3, 2006

Revision in WMF Vulnerable Operating Systems - UPDATED

Larry Seltzer of eWeek reported on his weblog that only Windows XP and Windows Server 2003 are vulnerable in a practical sense.

It is true that this vulnerability is in GDI32.dll all the way back to Windows 3.0, but it would appear that Microsoft never set up a WMF file association before Windows XP. Therefore in older systems (Windows 2000/Me/98), the hole is there but much less of a direct threat.

It would seem that F-Secure and iDefense also agree on this point.

Hopefully Microsoft will come out of the fog and start to see that allowing everything in the OS to run code by design isn't a good thing.

On a side note, HexBlog was taken down by its ISP for a short time due to huge traffic flows. It would seem that HexBlog was slashdotted or dugg. =)

UPDATE - Alex Eckelberry of SunBelt has provided alternative download points for both the unofficial patch and checker.

UPDATE x 2 - Since high traffic made the ISP cut off Ilfak's HexBlog, CastleCops has stepped up and offered him a home for now. See the new HexBlog forum.
