If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
WMF Exploit
Hi all just read on my Microsoft Security Blog they will be releasing a
patch for it on Update Tuesday 10th. Below is what was posted. Joan Hi folks- Kevin Kean here again. We here in the MSRC have been hard at work on this WMF vulnerability and so I wanted to provide you all with an update on the situation. When the MSRC learned of the attacks on December 27, 2005, we mobilized under what we call the Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope and determine and the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement. Based on that process, we have finished development of a security update to fix the vulnerability and are testing it to ensure quality and application compatibility. Our goal is to release the update on Tuesday, January 10, 2006, as part of the regular, monthly security update release cycle, although quality is the gating factor. Customers will be able to get the update through all the usual deployment tools: Microsoft Update, Windows Update, Automatic Update, the Download Center and Windows Server Update Services. As we've noted in previous posts, we have been carefully monitoring the attempted exploitation of this vulnerability through our own investigative process as well as partnering the industry and law enforcement. Although the issue is serious and malicious attacks are being attempted, we have found that the scope of the attacks is not widespread. AV companies have also indicated that attacks are being effectively mitigated through up-to-date signatures. To help protect against any attempted exploitation while the security update is being developed we really want to continue to urge customers not to visit unfamiliar or untrusted Web sites that could potentially host the malicious code. More guidance for consumer customers can be found here http://www.microsoft.com/athome/secu...ng_safety.mspx. We also encourage enterprise customers to continue to review the information in the security advisory as well: http://www.microsoft.com/technet/sec...ry/912840.mspx. Best, Kevin *This posting is provided "AS IS" with no warranties, and confers no rights.* |
#3
|
|||
|
|||
WMF Exploit
Hi, Mike,
Mike M wrote: Perhaps of some relevance to those running Win Me and other Win9x systems is: ..in a practical sense, only Windows XP and Windows Server 2003 (in all their service pack levels) are vulnerable to the WMF flaw. ...all versions of Windows back to 3.0 have the vulnerability in GDI32. Except for Windows XP and Windows Server 2003, no Windows versions, in their default configuration, have a default association for WMF files, and none of their Paint programs or any other standard programs installed with them can read WMF files... This seems to be the current thinking on this vulnerability. I've read similar comments in some other postings. However On other platforms, unless you have installed your own vulnerable default handler for WMF files, the likelihood of compromise even when a system is bombarded with malicious WMFs is low Those running XnView or IrfanView need to be especially careful even on Win Me. I checked the association for WMF files on my Windows ME machine, and surprisingly (at least to me), the file extension was associated with Microsoft's Picture It Express. This application came as an OEM installed application when I first got the computer over five years ago. I have a few photo editing applications installed and didn't expect to see Picture It Express as the default handler. There may be associations with the WMF files that some users may not even be aware of. For more info see: http://blog.ziffdavis.com/seltzer/ar.../03/39684.aspx Remember though that Microsoft are far from infallible and may well be wrong and Win 9x systems may well also be vulnerable. Time will tell. I absolutely agree, but I think there is a lot of potential upside for this vulnerability on Win 9x systems. I'd still feel better about it if MS issued a patch for these OS's as well. Cheers, Tom |
#4
|
|||
|
|||
WMF Exploit
Thanks for the follow up Mike, just thought I would post the info here as
I know that quite a few in here run XP as well g I'll carry on with my Safe Sex (oops I mean Hex) Joan Mike M wrote: Perhaps of some relevance to those running Win Me and other Win9x systems is: ..in a practical sense, only Windows XP and Windows Server 2003 (in all their service pack levels) are vulnerable to the WMF flaw. snip |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
"Patch" for shmgvw.dll exploit | Heirloom | General | 32 | January 5th 06 01:16 AM |
DSO Exploit | ViperTwo | General | 5 | January 2nd 05 05:00 PM |
DSO Exploit ?? | PAT (Paul) | General | 16 | December 18th 04 07:21 PM |
Update: "SPYBOT" and "DSO Exploit" | Brad | General | 0 | November 11th 04 05:13 PM |
DSO exploit | John | Internet | 0 | June 23rd 04 10:01 AM |