Jan. 4th, 2006

thewayne: (Headbanger)
THIS IS IMPORTANT: THIS FLAW EXISTS IN EVERY VERSION OF WINDOWS FROM 98 TO XP!

http://www.wired.com/news/technology/0,69953-0.html?tw=wn_tophead_8

Microsoft publicly announced last week -- after security firms had already scooped the software maker -- yet another Windows vulnerability for which the company has yet to release security patches. But this bug is a lot more lethal than your typical buffer overflow.

Redmond acknowledges that attackers can gain complete control of your PC using a layer of Windows the company designed more than a decade ago. According to a company statement, Microsoft will release an update Jan. 10 to protect your PC, but between now and then you're potentially vulnerable if you're running virtually any version of Windows, from 98 to XP.

However, there are proactive steps you can take so that a black-hat hacker does not take complete control of your PC while you're waiting for the patch.

What is the vulnerability?

There is a flaw in the way that Windows processes Microsoft Windows Meta File, or WMF, images. Attackers can craft special image files that, if viewed, give them carte blanche to access and control your PC.

Attackers are already taking advantage of the vulnerability in a number of ways, including spamming out e-mail messages that contain links to malicious websites that exploit the bug. Many legitimate websites have also been hacked and compromised to deliver the attack, according to Websense Security Labs, which was first to warn of the vulnerability. Websense says the WMF code also is being exploited through third-party banner ads on mainstream websites. And, like traditional Windows threats, the bug can always be exploited by a malicious e-mail attachment.

Did Microsoft design this vulnerability on purpose?

Microsoft first allowed .wmf file extensions to carry executable code at least as far back as Windows 3.0, Websense says. This was to enable Windows to cancel print jobs using the file format, and the developers in that simpler era apparently didn't imagine it would be used for anything more malicious.

A layer of backward compatibility folded into modern Windows kept the security hole alive below the surface of the operating system. Now anyone can use WMF files to do anything they want to your system, such as copying or destroying data, or installing backdoors to allow re-entry later. They can also cancel your print jobs.

What steps can be taken to protect your PC?

You can stop accessing the internet until Jan. 10, when Microsoft says it will have security updates. More realistically, there are some measures you can take to protect your system now.

Firstly, follow the IT department mantra of never opening an attachment or clicking on a web link in an e-mail from an unknown user (or an odd or unexpected e-mail from a friend). Microsoft says updated versions of antivirus software from Symantec, Computer Associates, McAfee and others also can block exploitation of this vulnerability.

But your best bet may be a nifty unofficial patch created by programmer Ilfak Guilfanov and available for download from The SANS Institute.

To see if your PC has already been infected, Microsoft's Windows AntiSpyware beta works reasonably well.

Can't I neutralize the exploit using Windows commands?

Microsoft and numerous security websites suggest a workaround that prevents Windows Picture and Fax Viewer from opening image files, including the vulnerable WMF format. This reduces your exposure, but doesn't fix the underlying vulnerability.

Under Windows XP, access the Run command and type "regsvr32 -u %windir%\system32\shimgvw.dll". Then click OK.

For maximum effect, SANS suggests a double-fisted approach of implementing this workaround and installing Guilfanov's patch until Microsoft comes out with an official fix.

thewayne: (Catnip)
http://www.techsupportalert.com/best_46_free_utilities.htm

This is a general list of utilities for protecting your Windows PC, improving usability, or doing other spiffiness. Everything on it is free; in some cases there are versions that cost a nominal amount. Myself, I'm in the market for a new anti-virus package as Norton just expired on my laptop, so I'll be investigating this list's offerings in that area. The particularly sucky thing about said expiration is that a couple of weeks before it expired, it stopped updating.
