Yet another hole in Microsoft’s windows

The latest security vulnerabilities discovered for both the Windows shell for XP and Winamp; allow a remote attacker to compromise your system by simply sending you a plain old MP3 or WMA(windows format) file and you system can be compromised. Does that bother you? It bothers me, their was a time when I laughed at people who thought they could get a virus, or get “hacked” by downloading pictures or music files. Apparently because of bad programming on the part of both Microsoft (big surprise) and Nullsoft we can no longer trust any external data source, for example look at Microsoft many security holes and vulnerabilities for Internet Explorer (how many are their now 20? 30?). For Nullsoft this is disappointment their featured product (Winamp) has been admired by many internet users including myself.

For windows XP users here’s the real question: If I’m running windows XP in some restricted login, IE “guest” does the remote attacker get access to the whole system or just read access to the parts of the system the logged in user has access to, which is best the whole idea behind windows XP, better security through a more Linux like approach, using separate security credentials for separate user groups. This has long been the practice of corporate America using Windows NT in TS. The bottom line is, if windows XP was made correctly users should be protected if they execute all their tasks from a restricted login, that way if a hacker/virus/worm does infect the system it can only go so deep and worse case scenario is it deletes all your documents.