News.com has the skinny on yet another Microsoft security hole. The problem seems to stem from folder.htt files, special HTML files that control how a folder looks if the "View as web page" function is turned on in Windows 98 or Windows 2000. Apparently any folder.htt file is always considered trusted, enabling someone to run malicious code on your machine if you so much as open a local or remote folder with a booby-trapped folder.htt.
I got a chuckle out of how Windows 2000 reacts to the exploit. According to one consultant, "It seems that at least in Windows 2000, Microsoft attempted to do the right thing. The user browsing the malicious folder is asked whether they wish to execute the script within the Folder.htt file, but regardless of the answer the script is executed." Well, their heart was in the right place.
The bug doesn't seem to be as widespread as the person who discovered it suggests, but it still offers someone the opportunity to run code bad enough to "take over a computer" (though the article doesn't really go into what exactly that phrase means in the context of the bug).
Apparently firewalls will stop the thing, so this mainly seems like one for the home user to be concerned about. The article also isn't too clear on exactly how the malicious code could get stuck into a local folder in the first place; I assume another security vulnerability would have to be exploited to put it there.
|Nvidia Titan V brings the power of Volta V100 to desktops||122|
|Thermaltake's Nemesis Switch has enough buttons for all your macros||10|
|Zotac Gaming MEK1 PCs have the requisite pieces of flair||5|
|Toshiba's latest hard drives store 14 TB without shingles||57|
|Friday deals: a motherboard trio, a cheap CLC, and a rodent||11|
|GeForce 388.59 drivers are ready for the Titan V apocalypse||5|
|Lite-On MU-X SSDs continue the affordable NVMe onslaught||37|
|Chrome 63 puts bad sites in solitary confinement||18|
|Empty your iPhone onto the Adata i-Memory AI720 drive||12|
|Can I borrow one when you pull the trigger? ;)||+28|