Security Flaw in Windows CP members need to know!

Started by Daddymem, January 04, 2006, 09:06:47 AM


Daddymem

There is a new security threat in "wmf" files that malicious code is inserted into. There is no patch from Microsoft yet. Your best bet is to stay away from "wmf" files in emails, IMs, webpages, forums, etc. until a patch is created.
Read more:
http://technewsworld.com/story/FYHlpLKkW2ulSt/Attack-Vulnerability-Worries-Windows-Users.xhtml

Daddymem

This is absolutely huge!  Even jpeg images within web sites can grab you.  Given the topics googled by CP members, I'd suggest to turn off images in your browser until this is fixed!  Copy of email I sent to my company:

We have some email messages that got through prior to our filter setup this morning:  

PLEASE DO NOT OPEN ANY WMF, OR JPEG IMAGES FROM ANYONE IN EMAIL MESSAGES, DO NOT CLICK LINKS TO WEBPAGES IN EMAILS THAT YOU ARE NOT FAMILIAR WITH. DO NOT VISIT ANY NON-MAJOR WEBSITES (CNN, BOSTON CHANNEL, AMAZON, ETC. ARE OK).  THIS IS A HUGE HUGE HUGE THREAT IT IS SOOO EASY TO UNKNOWINGLY EXECUTE THIS MALICIOUS CODE BY SIMPLY CLICKING A LINK OR OPENING AN IMAGE.  PLEASE USE EXTREME CAUTION ON THE INTERNET UNTIL THIS SECURITY FLAW IS PATCHED.  WATCH YOUR GOOGLE SEARCHES, WHEN IN DOUBT, DON'T CLICK LINKS.  THEY WILL TRICK YOU WITH EMAIL MESSAGES FROM ADDRESSES OF PEOPLE YOU KNOW. THEY WILL TRICK YOU WITH SUBJECTS OF "HAPPY NEW YEAR" FOR EXAMPLE.  WE ARE EXPLORING WAYS TO SHUT OFF ALL JPEG AND WMF IMAGES WITHIN YOUR BROWSERS, WE WILL LET YOU KNOW IF WE CAN DO THAT.


glenn-k

This is nice - but I have faith in Microsoft-- I'm sure they can write a fix that has at least 7 more security holes in it.

glenn-k

#3
One more article with a supposed workaround for some.

http://antivirus.about.com/b/a/231816.htm

Fix - checker etc.

http://antivirus.about.com/gi/dynamic/offsite.htm?site=http://www.hexblog.com/2005/12/wmf%5Fvuln.html

Note that when I try to download the checker, my Norton Internet security stops it.  I think they already installed an update to security on mine automatically.

tjm73

Admittedly I don't know squat about this stuff, but it seems that Windows 98 (for those of us still using it) isn't at risk (for this particular issue anyway)?  Is that right?


glenn-k

#5
Wrong- I'm pretty sure-- and worse the temporary fix won't work for you either-

Check out the above links.   I think Firefox will protect you by asking if you want to open that type file- don't.

Try the checker here - see what happens - it's partway down the page after the temp fix.

http://antivirus.about.com/gi/dynamic/offsite.htm?site=http://www.hexblog.com/2005/12/wmf%5Fvuln.html

tjm73

#6
Well, once I get my second PC up and running again and connected to the internet again (tonight I hope), I plan to go straight to Microsoft for all the WIN98 patches/updates and then straight to Mozilla to download Firefox.  Right now I have IE6 SP1 installed, but quite honestly I don't trust it too much.

This link in the very first post says "The vulnerability applies to all the main versions of Windows: Windows ME, Windows 2000, Windows XP and Windows 2003, Microsoft confirmed."  So I don't know if it's an omission due to its vintage or that it isn't affected for some reason.

glenn-k

Unfortunately Microsoft doesn't have a fix scheduled until at least the 10th per the above info- use the above fix on an XP machine - it's easily removable -

Norton Internet Security stopped the checker and alerted us on mine and my wife's machines - we saw an autoupdate a few days ago for a rapidly spreading threat so that was probably for this. I don't know what other security programs do about it.

Daddymem

Microsoft no longer supports, thus 98 does not exist in their eyes.  There are rumors of "fixes" out there, but nothing confirms they work or are worth the trouble.  Best bet is be vigilant...delete email from unknown sources immediately, don't visit pages you have the slightest doubt about, etc.  These wmfs can be embedded in jpeg images as well as other formats...that is why this one in particular is so dangerous.

tjm73

Quote: My Mac is safe and secure....:)

As is my 1st PC....MAC Mini  ;D

I am adding the 2nd PC (my Windows PC) to play with some freeware programs for designing stuff and MS Word & Excel as I prefer them to any other processing & spreadsheet programs I've used.  

Computer was free, so what the heck.  Got a router and a network cable and now I'm reloading everything after getting it wiped by a co-worker that's into computers.  

I'll have my own little internet cafe in my apartment. :D

Daddymem

#12
Here is a temporary workaround...basically disabling the function that has the flaw:

First, you can unregister the specific DLL that implements the vulnerable code from the system using a command line program. To disable the DLL click Start, then Run, then enter the following command:

regsvr32 /u shimgvw.dll

To re-enable the same DLL, click Start, then Run, then enter the following command:

regsvr32 shimgvw.dll

The workaround has been confirmed by iDEFENSE as effective in preventing the current versions of the exploit, with a caveat. Previous vulnerabilities in the parsing of WMF files have led to additional vulnerabilities in EMF files, a later version of the metafile format. iDEFENSE warns that this workaround may not be effective against such future attacks.

Athias warns that if you unregister shimgvw.dll, Windows Explorer will not display thumbnails anymore.


I don't believe that works for 98.
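
Added example, not part of the original thread or of any poster's message: the posts above warn that a metafile can arrive under a .jpg name and that EMF is a related format, so a mail or web filter has to classify attachments by content rather than by extension. This Python code does that from the leading bytes; the function names and the three sample files are constructed for illustration.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7          # magic of the 22-byte "placeable" WMF pre-header
EMF_SIGNATURE = b" EMF"             # found at offset 40 of the EMF header record

def is_wmf_header(buf):
    """True if buf starts with a standard 18-byte WMF header."""
    if len(buf) < 18:
        return False
    ftype, header_words, version = struct.unpack_from("<HHH", buf)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def sniff(data):
    """Classify by content: 'wmf', 'emf', 'jpeg' or 'unknown'."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        return "wmf"                # flag on the key alone: fail closed
    if is_wmf_header(data):
        return "wmf"
    if data[:4] == b"\x01\x00\x00\x00" and data[40:44] == EMF_SIGNATURE:
        return "emf"
    if data[:3] == b"\xff\xd8\xff":
        return "jpeg"
    return "unknown"

def triage(filename, data):
    """Filter decision: quarantine any metafile, whatever it is named."""
    kind = sniff(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if kind in ("wmf", "emf"):
        note = "metafile" if ext == kind else f"{kind} content named .{ext}"
        return ("quarantine", note)
    return ("allow", kind)

# Constructed samples: an empty WMF (header + end-of-file record), an EMF
# header stub, and the first bytes of a JPEG. None carries any payload.
WMF_EMPTY = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
EMF_STUB = struct.pack("<II", 1, 88) + bytes(32) + EMF_SIGNATURE + bytes(44)
JPEG_STUB = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"

if __name__ == "__main__":
    for name, blob in [("card.jpg", WMF_EMPTY), ("logo.emf", EMF_STUB),
                       ("photo.jpg", JPEG_STUB)]:
        print(name, triage(name, blob))
```
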

Texan_lost_in_cali

Funny, my Mac and my Linux machine both have no problems, just ditch Micro and install Linux.


Daddymem

Microsoft will release the update today on Thursday, January 5, 2006, earlier than planned.

Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release.

more info...

http://www.microsoft.com/technet/security/bulletin/advance.mspx

Amanda_931