An excerpt describing one of the two vulnerabilities responsible for today's security update:
In Microsoft Security Bulletin MS04-025, Microsoft describes a critical vulnerability in the way Internet Explorer processes .GIF and .BMP images. An attacker can use malicious images on a web page or in HTML-formatted email messages. If the attacker can convince a user to visit the web page, open the message, or otherwise view the image, the attacker may be able to gain control of the user's machine.
I blame these constant and ever more laughable Windows security problems on their closed-source software model. There are dangers in running software on your machine that can only be audited for security by the people who get rich selling it to you. There are many rants to be had in situations like this, and counter-rants, but this, I feel, is the largest problem with closed-source applications. The code simply doesn't "get out enough" and winds up with these sociological disorders.
Posted by jesse at July 31, 2004 12:06 AM