The goal of the exploits was to open Explorer and trick targets into running malicious code.
  • EpicFailGuy@lemmy.worldEnglish
    1·
    4 months ago

    Yall remember eternal blue? no? only me?

    Yeah … im never putting any of Micro$oft products on anything I need to be secure … ever

    • lud@lemm.eeEnglish
      01·
      4 months ago

      Remember regreSSHion?

      All software has serious security vulnerabilities.

      • EpicFailGuy@lemmy.worldEnglish
        0·
        4 months ago

        RegreSSHion is overblown … it was quickly patched and it was not reliably reproducible every time. It depended on “Luck” to have pointer fall on the right memory space in order to allow the code execution.

        I think Terrapin was much much worse … and log4j … log4j was a DISASTER … but point taken.

        I wasn’t shrilling my choice of OS tho, I think eternal blue is a lot worse than those other CVEs because the NSA KNEW about it and did not disclose it, and because Windows has a much wider user base of clueless users that easily fooled.

  • conciselyverbose@sh.itjust.worksEnglish
    0·
    4 months ago

    The fact that Windows hasn’t solved the “fake extension” scam is wild. You can’t make people not click stuff, obviously. But you absolutely could identify double extensions clearly intended to confuse people and give some kind of “this isn’t a PDF” warning.

    • TimeSquirrel@kbin.melroy.org
      0·
      4 months ago

      Shit, I remember having to wipe my boss’s computer back in '03 because he clicked on an attachment called something along the lines of “bigtiddies.mpeg.exe” or some shit.

      • demonsword@lemmy.worldEnglish
        01·
        4 months ago

        Shit, I remember having to wipe my boss’s computer back in '03 because he clicked on an attachment called something along the lines of “bigtiddies.mpeg.exe” or some shit.

        I could almost hear The Office theme song playing while I was reading that

  • BigDanishGuy@sh.itjust.worksEnglish
    0·
    4 months ago

    If it’s a zero day then Microsoft didn’t know about it. If Microsoft knew about the exploit for a year it was not a zero day.

    • Echo Dot@feddit.ukEnglish
      0·
      4 months ago

      Zero Day just means that you have zero days to fix it before it becomes a problem. Doesn’t mean that you actually take zero days to fix it.

        • Grimy@lemmy.worldEnglish
          1·
          4 months ago

          A zero-day (also known as a 0-day) is a vulnerability in software or hardware that is typically unknown to the vendor and for which no patch or other fix is available. The vendor has zero days to prepare a patch as the vulnerability has already been described or exploited.

          From wiki