|
SirKenin -> Dangerous exploit for Windows WMF files found. (1/9/2006 1:59:18 PM)
|
You might want to read this and ensure that your computers are up to date. You are particularly vulnerable if you surf malicious websites, porn sites, or hacker sites.
This came in My email, but the article is posted on the web at http://www.connectitnews.com/story.cfm?item=2732
On December 27, 2005, the Windows Metafile (WMF) vulnerability was published on the web.
Another Windows vulnerability? Yawn. Go back to holiday eating and drinking.
Few paid much attention until January 2 or 3, which is when word started to spread about how potentially dangerous and easy to exploit the vulnerability was.
The WMF is a zero-day vulnerability: it can be exploited immediately, without waiting for a virus to spread. Microsoft Windows WMF graphics rendering engine is affected by a remote code execution vulnerability. The problem appears when a user views a malicious WMF formatted file that triggers the vulnerability when the engine attempts to parse the file.
The issue may be exploited remotely or by a local attacker. Any remote code execution will be with the privileges of the user viewing the malicious image, allowing an attacker to gain system privileges if the user viewing the file is logged on as administrator. Every single Microsoft operating system is potentially a target.
Because Windows contains millions of lines of code, nobody can really blame Microsoft for not knowing the vulnerability was there.
"We found out December 27 the same time as everyone else. It's a zero-day exploit," said Derick Wong senior security product manager, Microsoft.
Still, once the holidaze cheer had subsided, a lot of people were ticked off.
One security pro, Kelly Martin, writing in Security Focus magazine, called WMF "an exploit that can elude even anti-virus and IDS sensors and compromise a system very easily.
"I truly believe that millions of computers - perhaps tens of millions - are being compromised by criminals right now. These include computers inside government, military, and scientific installations. And millions of home computers. Pretty much anyone who can reach the Web, receive email or instant messages is vulnerable. It's frightening. Even without an email-borne virus I anticipate the WMF vulnerability is going to create greater waves than Blaster when all is said and done. A single wrong click, even by an experienced security professional, and it's game over. A simple search in Google and one click is all it takes."
For a while, some could be forgiven for thinking that this time, the sky really was falling.
Read the rest online at the URL I posted.
|
|
|
|
