dlowan wrote:Any news on what it DOES?
This exploit uses a maliciously configured help file to traverse zones and can then execute arbitrary code in the local zone.
Because it can execute code there is nothing this exploit can't do.
I have, in testing this exploit, erased files from the test computer at whim, and this exploit can be used to do anything that can be done from command line.
If you don't understand it here is the simple version:
If you visit a website that contains certain malicious code, it can do what it wants to your computer unless you patch it.
------------
The windows patch for this update downloads and installs in mere minutes, and doesn't need a post-patch reboot.
So upgrade people, there's no excuse. When the script kiddies figure out how to use this there is great potential for havok (the first people to use it will be people trying to get spyware onto your computer).