If you have QuickTime installed, there's an update, QuickTime 7.6, that fixes some security bugs. They could result in remote code execution or just a QuickTime crash.
Since most of the vulnerabilities they're fixing are buffer-overflow attacks, this would also be a good time for Windows XP / Vista users to check that their hardware-enforced Data Execution Prevention is fully enabled, as a proactive defense. You can reach the Data Execution Prevention settings by right-clicking My Computer on the desktop screen or the Start menu, choosing Properties to open the System Properties panel (and then clicking System Protection if you have Windows Vista), and then doing what's shown in this picture to fully enable the protection. Naturally, you'll need to be logged in as an Administrator-level user to change this setting.
If fully-enabled Data Execution Prevention makes some of your legit software crash, you can use the Add button on that panel to add that software as an exception. Before doing that, see if there's a patch or updated version of the software that doesn't trigger DEP, because it really should not be doing that in the first place.
On the computer-security tangent, I did a writeup of a Windows worm that's getting a lot of press coverage at the moment, so if anyone finds such things interesting, here you go: http://forums.anandtech.com/messageview.aspx?catid=76&threadid=2268929 This is about the Conficker.B / Downadup / Kido worm, which infects portable devices and also spreads on the network by a couple different mechanisms. It's not very noteworthy, other than the amount of press coverage it got, but whatever :tinfoil:
Since most of the vulnerabilities they're fixing are buffer-overflow attacks, this would also be a good time for Windows XP / Vista users to check that their hardware-enforced Data Execution Prevention is fully enabled, as a proactive defense. You can reach the Data Execution Prevention settings by right-clicking My Computer on the desktop screen or the Start menu, choosing Properties to open the System Properties panel (and then clicking System Protection if you have Windows Vista), and then doing what's shown in this picture to fully enable the protection. Naturally, you'll need to be logged in as an Administrator-level user to change this setting.
If fully-enabled Data Execution Prevention makes some of your legit software crash, you can use the Add button on that panel to add that software as an exception. Before doing that, see if there's a patch or updated version of the software that doesn't trigger DEP, because it really should not be doing that in the first place.
On the computer-security tangent, I did a writeup of a Windows worm that's getting a lot of press coverage at the moment, so if anyone finds such things interesting, here you go: http://forums.anandtech.com/messageview.aspx?catid=76&threadid=2268929 This is about the Conficker.B / Downadup / Kido worm, which infects portable devices and also spreads on the network by a couple different mechanisms. It's not very noteworthy, other than the amount of press coverage it got, but whatever :tinfoil:
Last edited:
