January 4th, 2006
Temporary WMF Flaw Fix
By Jimmy Daniels
Contributing Writer, RealTechNews
Okay, normally, I wouldn’t push a fix for Windows that didn’t come from Microsoft, but the folks at F-Secure are pretty high on the guy who created it. Ilfak Guilfanov has published a temporary fix which does not remove any functionality from the system; instead, it revokes WMF’s SETABORT escape sequence. This, of course, wouldn’t be necessary if Microsoft would just release the patch now instead of waiting until Tuesday, as Michael had posted. Note: Ilfak said to remove his patch and install Microsoft’s when it does come out.
“Right now, the situation is bad, but it could be much worse. The potential for problems is bigger than we have ever seen,” Hypponen said. “We estimate 99 percent of computers worldwide are vulnerable to this attack.”
The Windows Meta File flaw uses images to execute arbitrary code, according to a security advisory issued by the Internet Storm Center. It can be exploited just by the user viewing a malicious image.
Microsoft plans to release a fix for the WMF vulnerability as part of its monthly security update cycle on Jan. 10, according to the company’s security advisory. Source: News.com
We Say: This could be a big mistake for Microsoft if they do not release the patch now. One would think they would want this mess to go away as fast as possible, especially if the estimates are correct that 99% of PCs are vulnerable. F-Secure has reported that one worm has already been found, but reports of it are very few. Whatever you do, be careful where you go and don’t visit any links you are not sure about. If you unregister Shimgvw.dll, be aware that opening an infected file in Paint will still affect your PC, even if you rename the file. F-Secure has posted a short list of URLs to definitely avoid here.
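Since the fix targets the SETABORT escape and renaming a file does not make it safe, a defender has to check file content rather than the extension. The following Python scanner is an added example, not code from this post, from Ilfak Guilfanov's fix, or from F-Secure: it walks the records of a WMF byte stream and reports any Escape record that selects SETABORTPROC (the GDI name for the escape the post calls SETABORT). The record constants come from the published WMF format; the function names and the sample byte strings are constructed for illustration.

```python
import struct

PLACEABLE_MAGIC = 0x9AC6CDD7  # optional 22-byte placeable header before the WMF header
META_ESCAPE = 0x0626          # WMF record type that wraps a GDI Escape call
SETABORTPROC = 0x0009         # GDI escape number (the post calls it SETABORT)

def find_setabort_records(data: bytes) -> list[int]:
    """Return byte offsets of Escape/SETABORTPROC records; [] if none or not a WMF."""
    pos = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        pos = 22
    if len(data) < pos + 18:
        return []
    ftype, header_words, version = struct.unpack_from("<HHH", data, pos)
    if ftype not in (1, 2) or header_words != 9 or version not in (0x0100, 0x0300):
        return []  # content is not a WMF, whatever the file is named
    pos += 18
    hits = []
    while pos + 6 <= len(data):
        # Each record: size in 16-bit words (DWORD), then function number (WORD).
        size_words, func = struct.unpack_from("<IH", data, pos)
        if size_words < 3 or func == 0:  # malformed record or end-of-file record
            break
        if func == META_ESCAPE and pos + 8 <= len(data):
            escape_number = struct.unpack_from("<H", data, pos + 6)[0]
            if escape_number == SETABORTPROC:
                hits.append(pos)
        pos += size_words * 2
    return hits

def _record(func: int, params: bytes = b"") -> bytes:
    """Build one WMF record (helper for the constructed samples below)."""
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params

# Constructed samples: a minimal 18-byte header, one record, then end-of-file.
HEADER = struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)
CLEAN = HEADER + _record(0x0201, struct.pack("<I", 0)) + _record(0)
# Escape record with an empty data field: record structure only, no payload.
FLAGGED = HEADER + _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0)) + _record(0)

if __name__ == "__main__":
    for name, blob in (("clean.wmf", CLEAN), ("renamed.jpg", FLAGGED)):
        print(name, find_setabort_records(blob))
```

A hit means the file carries the escape record and deserves inspection; it is not by itself a verdict that the file is malicious.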
Ikaruga says:
I apologize for sounding like I don’t know anything about computers, but I’m a little confused about the way this exploit works. Who is affected? Anyone running Windows or just those using IE? If everyone, it’s also not clear how you can be infected: simply visiting a malicious site or by clicking an infected image?
January 4th, 2006 at 9:59 am
Jimmy says:
It only affects users running Windows and it appears that most of the later versions of Opera and Firefox are prompted to open the meta files, so they are safer since they don’t do it automatically, but, if you tell it to open the file, you will still be infected. Internet Explorer will open the files automatically, so visiting websites with these metafiles will affect you, as well as opening the files locally on your computer using the Windows picture viewer or mspaint. I had read also that you could be affected if you use the preview pane in Outlook Express, but these articles do not mention that, but, I would say that would definitely be possible also. In general, I think that anything that uses SHIMGVW.DLL to get the meta file info can cause the exploit to be run. Run the fix here http://www.hexblog.com/index.html until Microsoft releases theirs.
January 4th, 2006 at 10:17 am