>An attacker must convince a targeted user into opening a specially crafted JET database file in order to exploit this vulnerability and remotely execute malicious code on a targeted vulnerable Windows computer.
I'm not worried.
>Microsoft Jet Database Engine
>must have specific configuration (non-default) for it to work
do you guys even read the article before sperging? sure, it's bad that they didn't patch it in 120 days but it's not like it's a bug in MS Word, it's something most users don't have installed anyway.
Eli Carter
the only thing stopping people from switching to ubuntu or some shit is gaymes. Come on steam fucking move it already.
Jack Collins
Would embedding the file inside a jpeg work still?
Carter Morales
>activexobject
So just don't use IE or Edge.
Jack King
Trannies on the left, jokers to the right, stuck in the middle with you
Julian Cooper
The only person who could patch it was kicked off the team because he said a mean thing which violated the CoC.
Oliver Stewart
behind every buffer overflow there's a pajeet.
Leo Diaz
This. LINUX IS DEAD
Jaxson Reyes
It's bundled with the OS, you arseweed!
Owen White
Trannies to the left of me Apples to the right Here I am Stuck on Day Zero with you
Jeremiah White
What the fuck are you doing, user? I'm pretty sure that web browsers aren't allowed to open ODBC connections anyway if that's what you're insinuating. I think you'd have to run it with cscript or wscript. Based
Brandon Rivera
Gentoo doesn't have this issue
Nathaniel Harris
No wonder this shit wasn't patched
>all versions of Windows!
Why sensationalize it like this when it only applies to a specific subset of people using a specific subset of outdated technologies. This doesn't apply to anyone and they should deprecate it instead of fix it.
Bentley Jackson
explain is muh windows 10 lgbt affect
Jacob Jackson
Do you use IE, have ActiveX enabled, and manually approve connections to databases that you're unfamiliar with?
Jack Martinez
yes yes no
Kevin Perry
>HOW CAN MICROSOFT EVER RECOVER?
Same way as always. Windows users are basically Masochists so MS ignores the exploit for a few years until the users accept that's the way Windows is. Then, in a series of intrusive and overly long and complicated "fixes", it is "addressed", breaking several other functions in the process. Final "fix" is to upgrade to the latest release, which has its own problems. Naturally, the new release will be called the Most Secure Windows Ever. Whatever that means.
Nathaniel Myers
Looks like you goys on windows 7 will have to pay the subscription to get security patches now.
Aiden Torres
> Warning: This object is a Microsoft extension and is supported in Internet Explorer only,
Finally, finally, yes, finally this will force all the dipshits that still use IE to either ditch it or get annihilated.
Microsoft, do not fix this vuln. It's the only way to finally kill IE FOREVER. Do not fix it, let the IE dipshits get destroyed.
In fact, I hope somebody did this to save web devs from supporting that ancient piece of shit.
>"remotely exploitable"
I mean, I'm not defending Microsoft or saying this bug is noncritical or anything, but to call JS phishing "remotely exploitable" is pretty bad headline journalism.
Leo Ortiz
Gentoo will soon not have a kernel though.
Zachary Morris
>I think you'd have to run it with cscript or wscript.
In that case there wouldn't be any point in using a Jet database to do the exploit though, would there? If you're running in cscript/wscript, you already have full privileges. I'm assuming that ActiveX object is allowed in IE since Jet is deemed "safe" by MS.
Jordan Kelly
>In fact, I hope somebody did this to save web devs from supporting that ancient piece of shit.
Correct me if I'm wrong, but recent versions of IE don't really do anything particularly evil to web devs, do they? No one's actually using IE6 anymore.
If anything, since the utter and total demise of both Firefox and Chrome, I don't really see why using IE would even be worse than anything else.
Isaac Perry
IE 10 and 11 have much better support for web standards compared to previous versions. However, that doesn't make them viable choices for browsers, since they do not support or implement many modern web APIs (web audio api), modern JavaScript features (es6+) and modern CSS (grid), and there will not be any new version of IE.
Bentley Nguyen
>mission critical hardware will die because of some transvestite faggot's feefees
Michael Foster
gentoo is not tied to linux kernel and can use bsd kernels as well
Lincoln Morgan
20+ years ago, "remotely exploitable" meant a daemon vulnerability, a Web app vulnerability, and whatnot. It then started becoming more of a FUD/marketing term applied to everything from browser vulnerabilities (which I suppose is fair) to malicious-file vulnerabilities requiring someone to download a file and open it.
i only browse Jow Forums and youtube so i should be safe
Liam Bailey
Haha, very cool
Levi Wright
Has it been patched? I know I'm not affected by this but still I'm wondering.
Dominic Allen
>to call JS phishing "remotely exploitable" is pretty bad headline journalism
It's not that misleading. Keep in mind that a LOT of big newspapers and web services and advertisement networks have been spreading malware time and time again. You write your little exploit and you take out an advertisement which is allowed to use JavaScript (previously Flash was the bigger problem) for some reason (why do they allow random companies to run JS?) and now you get to infect all those who are dumb enough to read the Washington Post's propaganda.
I know, it's not like you can nc some port and you're in - which is what used to be "remotely exploitable". But some aunt checking her Facebook & getting 0wned via an advertisement isn't all that far from it.
Regardless of how you look at it: This is pretty bad on Microsoft's part. 120 days - four months - is a very long time for something like this.
Luke Edwards
What if I'm running Win XP, does this affect me?
Cooper Perez
what is proton?
Mason Hernandez
I doubt it
They could make an OS that carries out surveillance for the state and people would still use Windows. Oh wait.
Robert Ross
Oh yes. I do hope the day comes when I can switch to linux fulltime and enjoy all the half-assed ripoffs made by people who don't know good design even if their lives depended on it and constantly being told I use it wrong no matter what.
Elijah Russell
inb4 patch only available on Windows 10
inb4 used by Microsoft to push people out of the better versions
Isaiah Martinez
>ActiveXObject
>2018
the absolute state of winpoo
Kevin Harris
That's just asking for a lawsuit
Jason Morales
Everyone at my work place used IE. Always complained about viruses, but refused to use another browser because it wasn't "approved by Microsoft". One afternoon, I install Firefox with HTTPS everywhere and UO, on all the computers. I then use Resource hacker to switch out the Firefox icon with the IE icon.
>Hey, my internet is different!
>Different how? Can I take a look?
>Look! It's different!
>Ah! They must have pushed out the update finally! They've been talking about a redesign for months!
It turns out that my boss was the only one with a computer at home, and he knows what I did, and he approves. mfw this ruse worked.
Then linux is dead. Windows no longer secure. MacOS? lol
Landon Ross
> LGBT/Lanux ha ha ha, no
Gavin Mitchell
>browser vulnerabilities (which I suppose is fair)
I think it is not. "Remotely exploitable" means that the attacker can exploit his target with an unsolicited connection of his own to the target system, not that the target has to be phished into connecting to the attacker.
Landon Myers
>HTTPS everywhere
HTTPS doesn't deserve to be used until root CAs are abolished. Don't encourage it. Don't use it unless absolutely necessary.
>No one's actually using IE6 anymore.
Oh if only this were true. We have to support it with our web platform because a small percentage of UK healthcare professionals do still use IE6.
While I don't disagree that JavaShit was a mistake, this particular exploit is actually caused by Microsoft allowing access to ActiveX in unauthenticated JS, which is truly something that only Microsoft would do.