Computer security experts have recently discovered vulnerability/design flaw with Microsoft Windows that has been part of their operating system that effects all versions of Windows since Windows 2000, including XP, Vista, and Windows 7. (1, 2, 3, 4) "The vulnerability exists because Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the icon of a specially crafted shortcut is displayed. This vulnerability can be exploited locally through a malicious USB drive, or remotely via network shares and WebDAV. An exploit can also be included in specific document types that support embedded shortcuts." -- Microsoft [more inside]
posted by crunchland on Jul 22, 2010 - 84 comments

Its reach is impossible to measure precisely, but more than 3 million vulnerable machines may ultimately have been infected. : The inside story on the Conficker Worm at New Scientist.
posted by The Whelk on Jun 15, 2009 - 84 comments

With its latest security update Microsoft has disabled the ability to pass username:password pairs in URLs. If you usually use this format for connecting to your site via either FTP or HTTP, it will no longer work after you install this update.
posted by johnnydark on Feb 4, 2004 - 34 comments

While MS-bashing is often too easy, this statement about recent security holes seemed especially astounding: "Outlook Express ships with every Windows system, or rather as part of IE, so it's on every system. But unless it is configured to receive mail, you are not at risk," said Scott Culp, manager for Microsoft security response. Interesting. Unless it is configured to receive mail, like, you know, an email program.
posted by judith on Oct 11, 2002 - 30 comments

Microsoft Windows + NSA = loopholes in security: "A careless mistake by Microsoft programmers has revealed that special access codes prepared by the US National Security Agency have been secretly built into [almost all versions of] Windows." an interesting article that really shouldnt be surprising, and all the more reason to buy a mac.
posted by sixtwenty3dc on Mar 22, 2002 - 25 comments

FBI warns Microsoft XP users "The FBI is urging computer users to unplug and don't play when it comes to addressing serious security flaws found in Microsoft's new Windows XP program." "Microsoft admitted this week that there are several serious glitches in the new software. " Really?
posted by headlemur on Dec 22, 2001 - 24 comments

Microsoft's newest version of Windows.... billed as the most secure ever, contains several serious flaws that allow hackers to steal or destroy a victim's data files across the Internet or implant rogue computer software. The company released a free fix Thursday.

A Microsoft official acknowledged that the risk to consumers was unprecedented because the glitches allow hackers to seize control of all Windows XP operating system software without requiring a computer user to do anything except connect to the Internet.
posted by bkdelong on Dec 20, 2001 - 60 comments

The Twenty Most Critical Internet Security Vulnerabilities
This is a list of Internet security tips that SAMS and the FBI updated yesterday. The list is really aimed at IT professionals and does not offer much advice to the home user. My advise for any home user who is worried about viruses and security: 1. Don't use Windows OS, any Windows OS (try Linux or Mac) 2. Remove Outlook from your computer. 3. Don't open e-mail attachments you did not ask for.
posted by DragonBoy on Oct 2, 2001 - 10 comments

Win XP's Product Activation as a breeze to hack. Provided that RC1 still ships as is and you keep your RAM locked at a fixed number of sticks, it's simply a matter of keeping a backup of a DBL file. For all the ballyhoo, it's amazing that something this obvious slipped under the cracks. With WPA this sloppy, is this the only half-hearted facet of Windows XP?
posted by ed on Jul 17, 2001 - 36 comments

MSIE leaves the door wide open on your Windows OS... I can't believe that the myriad "security holes" are coincidental... maybe we should call them back doors. I mean, really... who do they think they're kidding? We all know who really wants surreptitious access to our systems. [via Glish]
posted by silusGROK on Apr 3, 2001 - 5 comments

The Winux virus is reported to affect both Windows and Linux boxes/applications. The article says it's "written in a primitive computer language called 'assembly language'." On a side note, who do they get to write these articles? Certainly they are uncomfortable with technology...
posted by fooljay on Mar 28, 2001 - 5 comments

One million credit card numbers stolen! News at 11! The FBI has gone public with a rather dry account of a huge organized attack on ecommerce sites, exploiting security flaws in NT which Microsoft fixed and offered patches for nearly two years ago.
posted by Steven Den Beste on Mar 9, 2001 - 5 comments

Got a windows box? Think your machine is secure? You're probably not. This is a nice free port scanner utility for wintel boxes, give it a test and make sure you don't have any weird services running.
posted by mathowie on Dec 7, 1999 - 0 comments