Second Life Forums Archive - Windows Exploit: No Patch

Chance Abattoir

Future Rockin' Resmod

Join date: 3 Apr 2004

Posts: 3,898

12-29-2005 11:37

http://www.techworld.com/security/news/index.cfm?NewsID=5066&inkc=0

From: techworld

29 December 2005

Hackers exploit Windows flaw
By Juan Carlos Perez, IDG news service

Security firms have warned that patched systems running Windows XP and Windows Server 2003 can be successfully attacked by malicious hackers.
The attacks can be carried out thanks to a newly discovered vulnerability in those operating systems' handling of corrupted .WMF (Windows Metafile) graphic files.
The firms describe the exploit as "zero day," because malicious hackers are taking advantage of it while there is no patch or certified workaround against the vulnerability.
Malicious hackers can run the code of their choice on compromised systems, and even machines that have all available patches installed are vulnerable, according to several advisories.
Currently, security firms are warning that machines can be attacked if users do any of the following:

open a malicious .WMF file in Windows Picture and Fax Viewer

open a malicious .WMF file in Windows Picture and Fax Viewer

or preview a malicious .WMF file in Windows Explorer

However, the number of attacks could increase dramatically if malicious hackers find more automated ways to target systems, such as using e-mail, instant messages or file sharing, according to Ken Dunham, director of the rapid response team at VeriSign's iDefense.
Attacks so far have been limited to installation of adware and spyware on compromised machines, but "you’re probably going to see Trojans and more sinister code develop and emerge in the next few days," Dunham said in an interview.
There is no patch for the security hole. While some workarounds are being suggested on the Web, Dunham is only validating this one for disabling .WMF file handling: First, users should click on the Start button on the taskbar. Then they should click on Run, type "regsvr32 /u shimgvw.dll" and click "Ok" when the change dialog appears.

There is more to the article. Remote linking didn't work for the friend who sent it to me; if it doesn't for you then go to techworld.

Cue obligatory advertisement for Apple by Ulrika and end thread. Bump.

_____________________

"The mob requires regular doses of scandal, paranoia and dilemma to alleviate the boredom of a meaningless existence."
-Insane Ramblings, Anton LaVey

Bond Harrington

Kills Threads At 500yds

Join date: 15 May 2005

Posts: 198

12-29-2005 12:54

WMF? I've honestly never heard of that file format.

Moonshine Herbst

none

Join date: 19 Jun 2004

Posts: 483

12-29-2005 13:00

From: Bond Harrington

WMF? I've honestly never heard of that file format.

It is a scalable, vector graphics format. Mostly used by Microsoft Office applications for clipart. The format is not good for much more than that, and professional graphic artists in need of scalable graphics, prefer eps-files.

_____________________

Phoenix Psaltery

Ninja Wizard

Join date: 25 Feb 2005

Posts: 2,599

12-29-2005 14:12

From: Bond Harrington

WMF? I've honestly never heard of that file format.

Windows MetaFile.

Mostly they're found in clipart libraries such as the ones that come with Microsoft Publisher, etc. Not terribly useful, in my book.

P2

_____________________

Chance Abattoir

Future Rockin' Resmod

Join date: 3 Apr 2004

Posts: 3,898

12-29-2005 14:17

I should've included this part:

However, Dunham warns that recent vulnerabilities related to .WMF have also included .EMF files and that "it is possible that exploitation might still be possible through alternative file types such as EMF,"

_____________________

"The mob requires regular doses of scandal, paranoia and dilemma to alleviate the boredom of a meaningless existence."
-Insane Ramblings, Anton LaVey

Jeffrey Gomez

Cubed™

Join date: 11 Jun 2004

Posts: 3,522

12-29-2005 15:15

Read that off Sunbelt yesterday. You can also fix this by associating WMF files to Notepad or some other app (mine was the GIMP by default).

Par for the course. Heard a lot of people being hit by this, and a lot of new variants, though.

_____________________

---

Windows Exploit: No Patch
Chance Abattoir Future Rockin' Resmod Join date: 3 Apr 2004 Posts: 3,898	12-29-2005 11:37 http://www.techworld.com/security/news/index.cfm?NewsID=5066&inkc=0 From: techworld 29 December 2005 Hackers exploit Windows flaw By Juan Carlos Perez, IDG news service Security firms have warned that patched systems running Windows XP and Windows Server 2003 can be successfully attacked by malicious hackers. The attacks can be carried out thanks to a newly discovered vulnerability in those operating systems' handling of corrupted .WMF (Windows Metafile) graphic files. The firms describe the exploit as "zero day," because malicious hackers are taking advantage of it while there is no patch or certified workaround against the vulnerability. Malicious hackers can run the code of their choice on compromised systems, and even machines that have all available patches installed are vulnerable, according to several advisories. Currently, security firms are warning that machines can be attacked if users do any of the following: open a malicious .WMF file in Windows Picture and Fax Viewer open a malicious .WMF file in Windows Picture and Fax Viewer or preview a malicious .WMF file in Windows Explorer However, the number of attacks could increase dramatically if malicious hackers find more automated ways to target systems, such as using e-mail, instant messages or file sharing, according to Ken Dunham, director of the rapid response team at VeriSign's iDefense. Attacks so far have been limited to installation of adware and spyware on compromised machines, but "you’re probably going to see Trojans and more sinister code develop and emerge in the next few days," Dunham said in an interview. There is no patch for the security hole. While some workarounds are being suggested on the Web, Dunham is only validating this one for disabling .WMF file handling: First, users should click on the Start button on the taskbar. Then they should click on Run, type "regsvr32 /u shimgvw.dll" and click "Ok" when the change dialog appears. There is more to the article. Remote linking didn't work for the friend who sent it to me; if it doesn't for you then go to techworld. Cue obligatory advertisement for Apple by Ulrika and end thread. Bump. _____________________ "The mob requires regular doses of scandal, paranoia and dilemma to alleviate the boredom of a meaningless existence." -Insane Ramblings, Anton LaVey
Bond Harrington Kills Threads At 500yds Join date: 15 May 2005 Posts: 198	12-29-2005 12:54 WMF? I've honestly never heard of that file format.
Moonshine Herbst none Join date: 19 Jun 2004 Posts: 483	12-29-2005 13:00 From: Bond Harrington WMF? I've honestly never heard of that file format. It is a scalable, vector graphics format. Mostly used by Microsoft Office applications for clipart. The format is not good for much more than that, and professional graphic artists in need of scalable graphics, prefer eps-files. _____________________
Phoenix Psaltery Ninja Wizard Join date: 25 Feb 2005 Posts: 2,599	12-29-2005 14:12 From: Bond Harrington WMF? I've honestly never heard of that file format. Windows MetaFile. Mostly they're found in clipart libraries such as the ones that come with Microsoft Publisher, etc. Not terribly useful, in my book. P2 _____________________
Chance Abattoir Future Rockin' Resmod Join date: 3 Apr 2004 Posts: 3,898	12-29-2005 14:17 I should've included this part: However, Dunham warns that recent vulnerabilities related to .WMF have also included .EMF files and that "it is possible that exploitation might still be possible through alternative file types such as EMF," _____________________ "The mob requires regular doses of scandal, paranoia and dilemma to alleviate the boredom of a meaningless existence." -Insane Ramblings, Anton LaVey
Jeffrey Gomez Cubed™ Join date: 11 Jun 2004 Posts: 3,522	12-29-2005 15:15 Read that off Sunbelt yesterday. You can also fix this by associating WMF files to Notepad or some other app (mine was the GIMP by default). Par for the course. Heard a lot of people being hit by this, and a lot of new variants, though. _____________________ ---

Welcome to the Second Life Forums Archive

Windows Exploit: No Patch