WARNING: NEW EXPLOIT

[zonda]

Taken off another site:

 

 

 

 

 

 

 

Microsoft Releases WMF Exploit Fix - Comments (14)

 

 

 

posted by [myg0t]OldManPeterson on Thursday, January 5 @ 7:36 PM

 

 

 

 

 

 

 

Not our normal news, but important news, in my opinion.

 

 

 

 

 

 

 

A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

 

 

 

 

 

 

 

The vulnerability is caused due to an error in the handling of Windows Metafile files (".wmf") containing specially crafted SETABORTPROC "Escape" records. Such records allow arbitrary user-defined function to be executed when the rendering of a WMF file fails. This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. opening a folder containing a malicious image file).

 

 

 

 

 

 

 

The vulnerability can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

 

 

 

 

 

 

 

NOTE: Exploit code is publicly available. This is being exploited in the wild. The vulnerability can also be triggered from explorer if the malicious file has been saved to a folder and renamed to other image file extensions like ".jpg", ".gif, ".tif", and ".png" etc.

 

 

 

 

 

 

 

Surprisingly Microsoft has released the patch earlier then they first said, just now in fact. So it's HIGHLY recommended you update your Windows to fix this critical flaw now.

 

 

 

 

 

 

 

More info on the flaw and patch can be found here:

 

 

 

http://www.microsoft.com/technet/securi ... 6-001.mspx

 

 

 

 

 

 

 

So.... look out for some of those PK videos, eh?

[weezcake]

The fix has been out for at least a week now. :)

[Blackthought]

i know this is off topic BUT ANOTHER LP FAN no wonder ur mod :P

[Mercifull]

Thanks Zonda but this exlpoit is almost a month old now and the patch has been around for almost 2 weeks.

[Hannibal]

And we just had an announcement up on the relevant thread, 11 days after another admin had already posted the fact that the patch was out. Is it that hard to check sources? To actually read the post you quoted? Or the technet page it links? Geesh.

[Vape]

Yeah I was like.. "why on earth are they making another announcement?"

[zonda]

eh, well now I feel stupid. Thanks guys :wink:

 

 

 

 

 

 

 

But at least it is a reminder for those lazy kids to update windows in a regular basis!!!

 

 

 

 

 

 

 

WARNING: NEW EXPLOIT

 

 

 

INTERWEBNET RELEAZED!! DUN CLIK NOTING OR YOU COMPUTR GETS NUKULERLY FRIEDD

 

 

 

 

 

 

 

Edit: hannibal, shut the hell up, I am sure you have NEVER made a mistake in your entire life, give me a break and keep it to yourself, thanks.

 

 

 

 

 

 

 

 

 

 

 

weezcake, lefty as in marxism? leninism? communism? I myself prefere leninism, which is more or less socialism and communism mixed... but no government will ever be perfect due to human nature.

[weezcake]

Well I'm in the middle between the moderates and communists.. I'm a socialist :) It's more of Lenin than Marx; Marx is too radical for me.