Important Announcement if you are running Windows

Vekseid

Most imposing inkwell.
Administrator
Joined
Jan 8, 2009
Microsoft announced a particularly stunning security vulnerability this morning. It's actually a part of the overall Hacking Team leak and has been discussed for some weeks now, and has been in the wild for some years.

For some reason I completely spaced and had assumed that this was constrained to Flash, because, well, it's Adobe.

Remote kernel mode code execution in a font library that's been a part of Windows since Windows 2000. It doesn't matter what browser you use - Internet Explorer has supported embedding OpenType fonts in its own proprietary way since 5.5, and all other browsers have supported it for many years now.

If you are running Vista or later, please run Windows Update and ensure your system is up to date.

If you are still stuck on Windows XP or 2000, you will want to upgrade or switch to a non-Windows system.

This is easily the most serious vulnerability to ever be revealed for Windows. All you have to do is visit a bad or hijacked website.

As an aside, if you have Adobe Flash installed, I would highly recommend removing it. The more people who get rid of Flash, the more websites will stop relying on it, and the less you'll miss.

Likewise, if you have Adobe Acrobat Reader installed, consider replacing it with Sumatra PDF or Foxit Reader.




Be safe, people.

Also, since not everyone is going to click the announcement, please make sure your friends and family are aware of this (here and elsewhere).
 
My laptop got hacked and it is so bad. I can only use mobile now. I can't open a webpage on my laptop without pop-ups and it keeps asking me to download Adobe Flash. My laptop is literally unusable. Between pop-ups and trying to force me to download Flash every time I go to any site.
 
You try nuke & pave? : /

It really helps if you have a second machine you can pull important files to, though. If you know a techy friend they may be able to help.

sinfulrook said:
I just recently started to get into programming, and as far as I can tell... This is a GIGANTIC oversight that should not have ever been revealed, ever.

Also, I believe that enabling DEP (Data Execution Prevention) would avert this situation, no?

No, the .dll is loaded into the kernel's context. The kernel can do whatever the fuck it wants.
 
I'm getting a tablet PC this weekend so I SHOULD be good after this weekend. Like nothing I do works. Every time I try to do anything it sends me to this weird "Microsoft" site saying I need to download Flash. So I just stopped using my laptop.
 
Am I reading this right, Windows 8 users most likely have a security update downloaded already? (when set to autodownload these)

I deinstalled Flash but aside from that, I am way too dumb with computers to do any of these things, I believe, without majorly fucking up my system
 
I know this is talking about Windows/Microsoft users. But what about Mac users? Are any of us at risk for this? Also, we still use programs like Flash, etc.
 
Yeah, this is mostly to try to catch people who don't have auto-reboot turned on or to try to catch people who have broken updates somehow.

As for Mac users, the thing about Flash is that exploits for Flash are absurdly common. Would you really miss it if it was gone?

Which reminds me, I need to switch the YouTube embedding here to iframe mode >_>
 
I can't really uninstall Flash because there are enough video players on the internet that do still use Flash that I WOULD miss, but yeah this was awful. This is the same exploit that was discussed a week or so ago right? If so I already updated to safety, thankfully.

EDIT: Oh no, I just re-read. I see the update, will install now.

DOUBLE EDIT: So KB3079904 has been successfully installed, woop! This means that I'm safe, correct, Vek?
 
Vekseid said:
You try nuke & pave? : /

It really helps if you have a second machine you can pull important files to, though. If you know a techy friend they may be able to help.

sinfulrook said:
I just recently started to get into programming, and as far as I can tell... This is a GIGANTIC oversight that should not have ever been revealed, ever.

Also, I believe that enabling DEP (Data Execution Prevention) would avert this situation, no?

No, the .dll is loaded into the kernel's context. The kernel can do whatever the fuck it wants.

Which is why Windows users are always so very very vulnerable to everything! :D

Since I have Win7-x64 I did the renaming thing and restarted. I can't exactly uninstall Flash due to me using YouTube basically every single day. I would use HTML5 for it, but HTML5 seems to be a tad... Choppy, so to speak. It surprisingly uses a lot more resources for videos.
 
Is there an alternative for Adobe Flash Player? Messages at the start of videos keep telling me that my current Flash player is not secure and that I need to update. I can still watch the video and play Flash games after clicking on "activate flash player" followed by "allowing this time". Now the real problem is that whenever I try to install the newest version of Adobe Flash Player I get only a blank screen. I allow the installer to install Adobe Flash Player and then nothing happens. And when I close the window of the installer after nothing happened Internet Explorer opens up automatically with the main site of Adobe and the installing program vanishes from my desktop. That happens every single time when I try to update Adobe Flash Player! Now I'm trying to find an alternative Flash player.
 
As a Mac user, I don't mind deleting Flash altogether and using an alternate. Thing is... what is the best alternate? Same for Acrobat. As it is, I save/view all my PDFs in Preview anyway (despite having Acrobat), which comes standard with Mac. Browser wise, I use Firefox on my laptop even if I do prefer Safari. It's just that most sites don't seem to like Safari overly much and thus don't always load properly whereas with Firefox you seem to avoid that problem entirely. Anyway, given that bit of info, any suggestions as to alternates for the Mac user?
 
Safari is becoming the new Internet Explorer. Even IE these days has begun dipping its toe into the evergreen waters (the continual rolling updates that Chrome/Opera/Firefox now perform). I think this has a lot to do with Apple having a vested interest in the web not becoming the uber-platform. Pretty sure this is a lost cause on their part.

As far as PDF viewing, apparently Preview is about as good as anything you'll find in the PC alternatives.

As for Flash, apparently Unity Web Player includes Scaleform GFx which supports up through Flash 10 (now on version 18...). Unity is trading one demon for another, though.

GNU Gnash is even older, unfortunately, only supporting through Flash 7.
 
So basically continue not to bother with Acrobat and stick with Preview. That's fine. And I'm pretty much stuck as far as a Flash type program goes for the time being. Am I right in how I'm reading this? As for browsers, is it better to stick with Firefox or suck it up with some of the quirks Safari has with certain things?
 
You can see if you prefer Chrome or Opera instead. Chrome tends to be a bit overeager about breaking things... you may find Opera (which runs on the same engine Chrome does, which itself is a distant fork of WebKit which powers Safari) provides a more polished experience.
 
Ok. I'll look into Opera. I've tried Chrome in the past and wasn't overly fond of how it ran and such. So I shall give the other a look see.
 
Revnarh said:
Is there an alternative for Adobe Flash Player? Messages at the start of videos keep telling me that my current Flash player is not secure and that I need to update. I can still watch the video and play Flash games after clicking on "activate flash player" followed by "allowing this time". Now the real problem is that whenever I try to install the newest version of Adobe Flash Player I get only a blank screen. I allow the installer to install Adobe Flash Player and then nothing happens. And when I close the window of the installer after nothing happened Internet Explorer opens up automatically with the main site of Adobe and the installing program vanishes from my desktop. That happens every single time when I try to update Adobe Flash Player! Now I'm trying to find an alternative Flash player.
I have the same happen to me.
 
From Flash, yes.

Make sure you're up to date on Windows Update though.
 
Man I have no idea how to react to this. Adobe is a big name and I'm not the most computer illiterate.
I use Opera because I like hotkeys on my "home page" but freaking Opera keeps updating with less and less and LESS control over it. I used to be able to at least control the size and number of hotkeys in a row and refresh the icon to reflect the newest page and now I can't even do any of that!!! When I first used it 5 years ago it had SOO much customization it was amazing and now?
Firefox keeps getting adware on it and Google Chrome keeps having some adware for its main page and not freaking Google and I'm lost on how to fix it.

So ya. Rambled a little but, big question, is it worth updating to Windows 10? I have a Windows 7 OEM disc and I plan on refreshing everything when I buy a new hard drive and I'm considering it but I HATE Windows 8.

I miss my bookmarks of old....
 
Not planning on upgrading personally, but that has more to do with testing >_>
 