WMF summary
Jan. 4th, 2006 12:03 am
For those of you not following the current Windows security hole debacle, here's a brief capsule:
1. This is a huge problem; malicious code can execute if you just look at a wmf picture, or if one is indexed by Windows. (Note: WMF pictures don't always have .wmf filenames; they can be jpgs or bmps or whatever.)
2. The Internet Storm Center has reports that approximately 10% of respondents have already seen exploits intended for this vulnerability.
3. IE will automatically open and trigger the image, and therefore the exploit. Firefox will ask if you want to open the wmf image, but it still won't completely protect you -- wmf images can show up in IM, in email, &etc. Logging in as a user, not administrator, will help too, but if the image is left on your computer and you log in later as an administrator you're still in trouble. Safe browsing alone will not protect you; trusted websites have been compromised (Area 52, for one). Anti-virus updates, while good, are several exploits behind. Basically: safer behavior is better, but won't stave off all exploits.
4. Microsoft will not be releasing a patch until January 10th because ... well, they have some craptastic reason, but basically because they suck.
5. No shortage of reputable folks (SANS, F-Secure, etc.) are suggesting installation of an unofficial patch, available here -- this patch does not alter Windows and is uninstallable. SANS and F-Secure both tested the patch and checked the code; it does what it says it does and is not spyware.
I've seen a couple folks on my flist today with unexpected spy-, ad-, or malware problems, and it occurred to me that they might be having this exact problem, so I thought I'd post the briefest of summaries in hopes that it doesn't happen to anyone else. If you want something more detailed, there are FAQs on Wikipedia, SANS Internet Storm Center, F-Secure's blog, and even US-CERT, the United States Computer Emergency Response Team.
Please note: anyone who replies to this post telling me running Linux will make it all better will be thoroughly thumped.