News.com has the skinny on yet another Microsoft security hole. The problem seems to stem from folder.htt files, special HTML files that control how a folder looks if the "View as web page" function is turned on in Windows 98 or Windows 2000. Apparently any folder.htt file is always considered trusted, enabling someone to run malicious code on your machine if you so much as open a local or remote folder with a booby-trapped folder.htt.
I got a chuckle out of how Windows 2000 reacts to the exploit. According to one consultant, "It seems that at least in Windows 2000, Microsoft attempted to do the right thing. The user browsing the malicious folder is asked whether they wish to execute the script within the Folder.htt file, but regardless of the answer the script is executed." Well, their heart was in the right place.
The bug doesn't seem to be as widespread as the person who discovered it suggests, but it still offers someone the opportunity to run code bad enough to "take over a computer" (though the article doesn't really go into what exactly that phrase means in the context of the bug).
Apparently firewalls will stop the thing, so this mainly seems like one for the home user to be concerned about. The article also isn't too clear on exactly how the malicious code could get stuck into a local folder in the first place; I assume another security vulnerability would have to be exploited to put it there.
|1. BIF - $340||2. Ryu Connor - $250||3. mbutrovich - $250|
|4. YetAnotherGeek2 - $200||5. End User - $150||6. Captain Ned - $100|
|7. Anonymous Gerbil - $100||8. Bill Door - $100||9. ericfulmer - $100|
|10. dkanter - $100|
|AMD drops prices on the Radeon RX 460 and RX 470||3|
|Reports: Radeon RX 470D is a budget Polaris card for China||2|
|Examining reports of slow write speeds on the 32GB iPhone 7||12|
|Cellular Insights dissects iPhone 7 Plus modem performance||10|
|Deals of the week: scads of high-performance storage and more||7|
|Tobii's Eye Tracker 4C knows where your head is||0|
|GeForce driver 375.57 is prepared for Titanfall 2||6|
|Phanteks Eclipse P400 gets a tempered glass option||0|
|Radeon 16.10.2 drivers add support for October's big games||10|
|A real "console monitor" would be 720p @ 30 Hz ;P||+58|