Jan. 4th, 2006

WMF summary

Jan. 4th, 2006 12:03 am
eruthros: Yoda in Dagobah swamp, caption "slimy? mudhole? my fandom this is!" (SW - slimy mudhole fandom)
For those of you not following the current Windows security hole debacle, here's a brief capsule:

1. This is a huge problem; malicious code can execute if you just look at a wmf picture, or if one is indexed by Windows. (Note: WMF pictures don't always have .wmf filenames; they can be jpgs or bmps or whatever.)

2. The Internet Storm Center has reports that approximately 10% of respondents have already seen exploits intended for this vulnerability.

3. IE will automatically open and trigger the image, and therefore the exploit. Firefox will ask if you want to open the wmf image, but it still won't completely protect you -- wmf images can show up in IM, in email, &etc. Logging in as a user, not administrator, will help too, but if the image is left on your computer and you log in later as an administrator you're still in trouble. Safe browsing alone will not protect you; trusted websites have been compromised (Area 52, for one). Anti-virus updates, while good, are several exploits behind. Basically: safer behavior is better, but won't stave off all exploits.

4. Microsoft will not be releasing a patch until January 10th because ... well, they have some craptastic reason, but basically because they suck.

5. No shortage reputable folks (SANS, F-Secure, etc) are suggesting installation of an unofficial patch, available here -- this patch does not alter windows and is uninstallable. SANS and F-Secure both tested the patch and checked the code; it does what it says it does and is not spyware.

I've seen a couple folks on my flist today with unexpected spy-, ad-, or mal- ware problems, and it occurred to me that they might be having this exact problem, so I thought I'd post the briefest of summaries in hopes that it doesn't happen to anyone else. If you want something more detailed, there are FAQs on wikipedia, SANS Internet Storm Center, F-Secure's blog, and even US-CERT, the United States Computer Emergency Response Team.

Please note: anyone who replies to this post telling me running Linux will make it all better will be thoroughly thumped.


eruthros: Delenn from Babylon 5 with a startled expression and the text "omg!" (Default)

May 2017

2829 3031   

Expand Cut Tags

No cut tags
Page generated Sep. 23rd, 2017 12:09 am
Powered by Dreamwidth Studios