Originally posted by curme
Why is there an independent patch, but Microsoft hasn't put one out yet?
Original Source: Microsoft
Based on strong customer feedback, all Microsoft’s security updates must pass a series of quality tests, including testing by third parties, to assure customers that they can be deployed effectively in all languages and for all versions of the Windows platform with minimum down time.
Original Source: Microsoft
If you are a Windows OneCare user and your current status is green, you are already protected from known malware that uses this vulnerability to attempt to attack systems.
Originally posted by Zipdot
Google's thumbnails have nothing to do with local thumbnails on your computer. If you unregister that .dll, you should no longer see thumbnails when running explorer.exe and browsing a directory on your computer composed of mostly images.
Originally posted by Zipdot
The thumbnails aren't really the problem, though. Displaying thumbnails automatically is just one possible way that your computer can get pwned.
ZD Net AU
04 January 2006 09:18 AM
"We have seen dozens of different attacks using this vulnerability since Dec. 27," Hypponen said. "One exploits image files and tries to get users to click on them; another is an MSN Messenger worm that will send the worm to people on your buddy list, and we have seen several spam attacks."
Smart Money
Published: January 03, 2006 2:58 PM
Johannes Ullrich, chief research officer at SANS Institute, said there are hundreds of Web sites that carry the infected images, and he's tracking the possibility that an online ad service is serving up infected image files. He says 5% to 10% of users appear to be infected, "an order of magnitude more than other attacks."
McAfee
To date, McAfee is aware of over 120,000 McAfee VirusScan Online customers who have reported detecting Exploit-WMF files attempting to execute on their systems
Panda Discovers WMFMaker
This WMF generation kit is designed to be used from the command line, by including the full path of the tool and of the executable file that will be run if the vulnerability is exploited. By doing this, a file with a windowsmetafile extension is generated under a name that varies between "evilwindowsmetafile" and the name of the executable file included inside it.
This tool allows malicious WMFs to be generated from any other code, which allows malware to be dropped on users' systems by exploiting the critical vulnerability in the Windows Meta File process that has not yet been resolved.
National Business Review
Reportedly, Microsoft is concerned that, since the windowsmetafile function is built so deeply into Windows, a large but unknown number of third party applications may depend on it.
Original Source
It is true, as F-Secure says, that all versions of Windows back to 3.0 have the vulnerability in GDI32. But most versions of Windows are not quite as vulnerable as they appear. Except for Windows XP and Windows Server 2003, no Windows versions, in their default configuration, have a default association for WMF files
Source: Symantec
The issue may be exploited remotely or by a local attacker. Any remote code execution that occurs will be with the privileges of the user viewing a malicious image. An attacker may gain SYSTEM privileges if an administrator views the malicious file.
Originally posted by SwearBear
This will disable WMF:
Start > Run > regsvr32 -u %windir%\system32\shimgvw.dll
This means you can't view thumbnails or anything with "Windows Picture and Fax Viewer"
When you have the official fix, turn it on again:
Start > Run > regsvr32 %windir%\system32\shimgvw.dll
I think that's the safest way to go right now. If you have the program which has the bug disabled, you shouldn't have anything to worry about regarding various worms, viruses etc. that might exploit this vulnerability.
BTW, the bug also affects other browsers, like Firefox.
Originally posted by UnknownOrigins
Don't know what conclusions other people will draw, but either Microsoft doesn't consider this to be much of a serious threat or they're simply trying to get new Windows OneCare users, your call.
UO
Edit: added Windows OneCare quote
Originally posted by TheBandit795
Microsoft is still testing the hotfix apparently. And isn't OneCare still in Beta mode??
Windows XP (all versions) Prerequisites
This security update requires Microsoft Windows XP Service Pack 1 or a later version.
Windows 2000 (all versions) Prerequisites
For Windows 2000, this security update requires Service Pack 4 (SP4).
Disclaimer:
The information provided in this security bulletin is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose.
Originally posted by makeitso
It appears that Windows 98, Windows NT, and Windows 2000 sp2, and sp3 clients are left out in the cold as usual.
Original Source: Microsoft
How does the extended support for Windows 98, Windows 98 Second Edition, and Windows Millennium Edition affect the release of security updates for these operating systems?
For these versions of Windows, Microsoft will only release security updates for critical security issues. Non-critical security issues are not offered during this support period.
Are Windows 98, Windows 98 Second Edition, or Windows Millennium Edition critically affected by one or more of the vulnerabilities that are addressed in this security bulletin?
No. Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, the vulnerability is not critical because an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions.
UnknownOrigins
does list the exploit as having a critical severity rating, yet they have not released a patch for older operating systems despite their claim to do so in the event of a critical security issue. Try and figure that one out.
Although Windows 98, Windows 98 Second Edition, and Windows Millennium Edition do contain the affected component, the vulnerability is not critical because an exploitable attack vector has not been identified that would yield a Critical severity rating for these versions