bozodog Posted January 3, 2006 Report Share Posted January 3, 2006 World+dog scrambles to fight Windows flawProtect and surviveBy John LeydenPublished Tuesday 3rd January 2006 14:08 GMTMicrosoft rushed out a temporary fix on Monday to defend against a dangerous new Windows Meta File vulnerability that became the focus of numerous exploits late last week. Redmond's workaround disables some functions in Windows and is only partially effective. Fortunately, there is an alternative. Security researchers at the SANS Institute advise users to both unregister affected library (DLL files) and to use an unofficial patch, as explained here.The WMF vulnerability exists in computers running Microsoft Windows XP (SP1 and SP2) and Microsoft Windows Server 2003 and stems from a flaw in a utility used to view picture and fax files. The security flaw might be exploited by inducing victims to view maliciously constructed sites, particularly where IE is used as a browser, or when previewing *.wmf format files with Windows Explorer. Hackers have created a range of Trojan programs which exploit the flaw. Microsoft said it plans to release a patch against the security hole on 10 January as part of its regular "Patch Tuesday" monthly update cycle. ®UnofficalPatchHereStay safe folks. We all know M$ don't give a **** ! Quote Link to post Share on other sites
jcl Posted January 3, 2006 Report Share Posted January 3, 2006 (edited) Redmond's workaround disables some functions in Windows and is only partially effective. Fortunately, there is an alternative. Security researchers at the SANS Institute advise users to both unregister affected library (DLL files) and to use an unofficial patch, as explained here.Well that's certainly not misleading. The only difference between the SANS recommendation and the MS recommendation is that the former recommends using the patch despite, AFAICT, having no evidence that the patch is beneficial if the DLL has been unregistered, or indeed that the patch isn't potentially malificial. Both solutions disable features and may be only partially effective.Stay safe folks. We all know M$ don't give a **** !AFAICT this a difficult problem. The exploit is taking advantage of an intentional, documented, and used feature of GDI. The simple solutions (e.g. the third-party patch) break compatibility. It's quite possible that it will take MS some time to develop a solution that preserves enough compatibility to keep their customers happy. Edited January 3, 2006 by jcl Quote Link to post Share on other sites
bozodog Posted January 5, 2006 Author Report Share Posted January 5, 2006 Errr, uh hum.... maybe I was right???? (or should I say my sweet brit?) http://www.besttechie.net/forums/index.php...t=0entry55298 Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.