Thursday, February 15, 2007

Voodoo logic at MSRT

From the Microsoft Security Response Team press release:

But the update deemed by analysts to be most important is [number] which patches a critical bug in [component] used by Windows [product] and [product]. The flaw can be leveraged by a hacker to hijack a supposedly protected PC, because the [component] improperly parses [data], Microsoft said. Attackers could feed malformed [data] to PCs via e-mail, for instance, and grab control of the machines without any interaction from users.



So far nothing out of the ordinary, a standard day in the life of Windows, I am sorry to say, but the kicker comes in the last sentence of the news:

According to Microsoft, the attack vector hasn't been used yet by attackers.


Now let's recap how logic works: you start with a premise (to prove) of the form "for all X, X -> Y holds true". To prove it you need to examine all X. This is, in most cases, impossible, but proving the opposite is easy: as long as you can find at least one example where it does not hold true, you can say ~(X -> Y).

So according to the press release we can only conclude either that Microsoft has knowledge of how each infected PC in the world (that is running Windows) got compromised or that the spokesman is lying.

Ahh, that tricky middle school logic...
