Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Windows

Two new Windows exploits in the Wild | Wordpad Text Converter | Internet Explorer 7 XML Parser

In the wake of a huge patch Tuesday, Microsoft has two new fires to be fighting. There are apparently "limited and targeted" attacks against a flaw with the Text converter component of Wordpad. Affec…

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

In the wake of a huge patch Tuesday, Microsoft has two new fires to be fighting. There are apparently "limited and targeted" attacks against a flaw with the Text converter component of Wordpad. Affected systems include Windows 2000 SP4, XP up to SP2, Server 2003 SP1 and 2. Vista is not affected Server 2008 is not affected, XP SP3 is not affected. Read on for more on this one (AND the Explorer 0-day)

This particular exploit requires user interaction. So, this one seems to be exploited by sending a specially crafted file as an email attachment. The user clicks to open it and they're bit.

Computer World has more details.

On the OTHER front - that is Internet Explorer:

Sans is reporting a 0-day vulnerability in the wild for Internet Explorer that affects a fully patched XP system (yes INCLUDING December's patch Tuesday updates.) The exploit is not in wide use currently, but the source code is available so.... buckle up it's going to be an interesting month. I wonder if we'll see them actually break their patch cycle for this one. It would be a GOOD candidate to patch before the holidays.

It looks as though the XML parser is under attack in this one - The attack tests to run on Internet Explorer 7 only on Windows XP or Windows 2003.

They haven't tested on Internet Explorer 6 or Vista.