Security Alert - ALL USERS READ! *** Official Fix is out NOW


A new vulnerability has appeared recently that allows dangerous files to be put in image files. Microsoft is currently working to fix this problem - they would not, however, say if they would have the problem fixed by January 10th, 2006. Here are some news items:

http://www.finfacts.com/irelandbusiness ... 4361.shtml
http://www.bangkokpost.com/breaking_new ... p?id=70706
http://www.microsoft.com/technet/securi ... 12840.mspx
http://abcnews.go.com/Technology/wireStory?id=1466500
http://money.cnn.com/2006/01/03/technol ... tm?cnn=yes

"Huge virus threat rocks Microsoft

Report says a newly discovered flaw could expose hundreds of millions of Windows PCs to virus.

January 3, 2006: 11:08 AM EST

NEW YORK (CNNMoney.) - The new year is off to a rocky start at Microsoft, where security experts are scrambling to confront a potentially massive virus threat to Windows PCs.

According to a report Tuesday in the Financial Times, the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files. The threat was discovered last week. But it mushroomed over the weekend, when a group of hackers published the source code they used to exploit the flaw.

What makes this threat particularly vicious, according to the Times, is that unwitting victims can infect their computers simply by viewing a web page, e-mail, or instant message that includes a contaminated image. That differs from most virus attacks, which require a user to actually download an infected file.

"The potential [security threat] is huge," Mikko Hypponen, chief research officer at F-Secure, an antivirus company, told the Times. "It's probably bigger than for any other vulnerability we've seen.

"Any version of Windows is vulnerable right now," said Mr. Hypponen, including every Windows system shipped since 1990.

Microsoft (Research) said in a security bulletin on its Web site, "we are working closely with our antivirus partners and aiding law enforcement in its investigation."

The infected files are saved in the Windows Metafile (WMF) format, but can be labeled as standard JPEG and GIF files, the most common type of images found in webpages and e-mails. The hackers use the entry point to install hidden programs that can launch pop-up ads or steal passwords and other sensitive information.

Schmugar says that while the threat is very real, it's contained up to now by the fact that only a small group of websites, well off the beaten path of most surfers, contain the malicious code. "The chances of you going to one of these sites is pretty low," he says, adding, "We're not aware of a mass spamming of this exploit at this time." Still, he cautions, anything could happen. "We'll just have to wait and see."

The flaw will actually install ON ITS OWN if you are using Internet Explorer. That's why it's such a critical flaw.

If you are using Firefox you get a popup asking you if you want to run the script found in the image file.

It's still possible to be infected with Firefox too; you just have to click an "ok" button for it to happen.

Until this vulnerability is fixed, ALL images - PNG, GIF, JPG, JPEG, WMF, BMP - are censored. All avatars are also turned off.

We'll post when we have more updates.

Link to comment
Share on other sites

There is a way to protect yourself from this until the patch is out, especially if you do not have a firewall or anti-virus scan.

http://www.microsoft.com/technet/securi ... 12840.mspx

I'll quote the part that will help everyone:

If you are a Windows OneCare user and your current status is green, you are already protected from known malware that uses this vulnerability to attempt to attack systems.

What is OneCare?

https://www.windowsonecare.com/

Windows OneCare is a comprehensive PC health service that goes beyond security to take an integrated approach to help protect and care for your computer.

* The Windows OneCare health meter gives you a clear, continuous indication of your computer's overall level of protection and performance. If Windows OneCare detects anything that you can do to improve the health of your computer, the service will automatically show you what action to take and give you a one-click solution.

* Antivirus and Firewall help protect your computer from viruses, worms, Trojan horses, hackers, and other threats.

* With a click of the mouse, you can directly scan individual files and folders for viruses. You can even check attachments that you receive through MSN Messenger for viruses or worms.

Article referring to OneCare and this particular vulnerability:

http://www.windowsonecare.com/secinfo/wmf1228.aspx

Link to comment
Share on other sites

There is a Windows update! It's out! GET IT!!!

Security Update for Windows XP (KB912919)

A remote code execution security issue has been identified in the Graphics Rendering Engine that could allow an attacker to remotely compromise your Windows-based system and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to restart your computer.

Link to comment
Share on other sites

  • 2 weeks later...
Microsoft Releases WMF Exploit Fix - Comments (14)

posted by [myg0t]OldManPeterson on Thursday, January 5 @ 7:36 PM

Not our normal news, but important news, in my opinion.

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of Windows Metafile files (".wmf") containing specially crafted SETABORTPROC "Escape" records. Such records allow arbitrary user-defined function to be executed when the rendering of a WMF file fails. This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. opening a folder containing a malicious image file).

The vulnerability can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

NOTE: Exploit code is publicly available. This is being exploited in the wild. The vulnerability can also be triggered from explorer if the malicious file has been saved to a folder and renamed to other image file extensions like ".jpg", ".gif", ".tif", and ".png" etc.

Surprisingly Microsoft has released the patch earlier than they first said, just now in fact. So it's HIGHLY recommended you update your Windows to fix this critical flaw now.

More info on the flaw and patch can be found here:

http://www.microsoft.com/technet/securi ... 6-001.mspx

Thank you zonda for this heads up!

- "I am willing to die...I mean try" - Jewelfire (Want to go bossing?)
-"we tried, we cried and we died!" - Limparse (What happens to old farts and tarts on monster-hunts)
- "...and we found out that there are as many ways to get to warriors guild
...as there are elders trying to get there" - Lysi
*snods agely* sorry... *nods sagely* - Brammy

-"Equality is being treated the SAME as everyone else; not having special treatment and unique things added in to everything." - Sy_Accursed

Link to comment
Share on other sites
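
The last post above traces the flaw to SETABORTPROC "Escape" records and notes that a malicious WMF can carry a ".jpg" or ".gif" name. As an added example (not part of the original thread), this defender-side Python check identifies WMF content by its header rather than its extension and reports any such records; the constants follow the published WMF record layout, and the function names and sample bytes are constructed for illustration.

```python
import struct

# Constants from the published WMF record format.
PLACEABLE_MAGIC = 0x9AC6CDD7   # optional 22-byte placeable header
META_ESCAPE = 0x0626           # RecordFunction of an Escape record
SETABORTPROC = 0x0009          # EscapeFunction named in the advisory
META_EOF = 0x0000

def find_wmf_header(data):
    """Offset of the 18-byte metafile header, or None if data is not WMF."""
    off = 0
    if len(data) >= 22 and struct.unpack_from("<I", data)[0] == PLACEABLE_MAGIC:
        off = 22
    if len(data) < off + 18:
        return None
    mtype, hdr_words, version = struct.unpack_from("<HHH", data, off)
    ok = mtype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300)
    return off if ok else None

def scan_wmf(data):
    """Offsets of Escape/SETABORTPROC records; None when data is not WMF."""
    hdr = find_wmf_header(data)
    if hdr is None:
        return None
    pos, hits = hdr + 18, []
    while pos + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, pos)
        if size_words < 3 or func == META_EOF:   # malformed or end of file
            break
        if func == META_ESCAPE and pos + 8 <= len(data):
            if struct.unpack_from("<H", data, pos + 6)[0] == SETABORTPROC:
                hits.append(pos)
        pos += size_words * 2                     # sizes are in 16-bit words
    return hits

def triage(filename, data):
    """Classify by content, so a WMF renamed to .jpg/.gif is still caught."""
    hits = scan_wmf(data)
    if hits is None:
        return {"wmf": False, "disguised": False, "setabortproc": []}
    disguised = not filename.lower().endswith(".wmf")
    return {"wmf": True, "disguised": disguised, "setabortproc": hits}

# Constructed samples: header-only metafiles, no drawing data, no payload.
_HDR = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 5, 0)
_EOF = struct.pack("<IH", 3, META_EOF)
SAMPLE_CLEAN = _HDR + _EOF
SAMPLE_FLAGGED = _HDR + struct.pack("<IHHH", 5, META_ESCAPE, SETABORTPROC, 0) + _EOF
SAMPLE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 32   # JPEG start bytes, not WMF
```

The record walk stops at the first record whose size is below three words, so a file that ends parsing early has only been checked up to that point and is worth treating as suspect on its own.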

This topic is now closed to further replies.