New Windows hole. This one's super fun!
A new fun Windows hole has been discovered, which allows exploits to spread through images on the web. See SANS FAQ for the painful details, but here are some highlights.
- The problem is in the way Windows Metafile images are handled. The vulnerability is exposed when previewing image files, when Internet Explorer displays images, and possibly at other times. (Google Desktop indexing apparently triggers this too.)
- Unfortunately, hacked files don't have to end in .wmf, because the format is auto-detected. The file name can end in .gif, .jpg, etc. So it's possible for web pages to include what look like .gif files, that are really Windows Metafiles with an awful payload.
- The hacked images can be made to execute arbitrary code. Fake spyware and worms have already been observed; it's a no-brainer that this will be extended to other malware as well.
- At the same time, the payloads can assume different forms and can fool signature-based antiviruses and intrusion detection systems.
- And here's the real kicker. There is no patch from Microsoft, and it's not known when one can be expected. This vulnerability is a design flaw in the image library, and present in all versions of Windows from 3.0 to Server 2003.
Fun, no? So be careful with those holiday e-cards, and with random web sites with user-contributed images (like ebay, wiki, etc).
Also, please let me know if I missed anything.
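The bullet about the format being auto-detected regardless of file name suggests a simple triage check a defender can run over a download cache or upload directory: compare the format implied by the extension with the format implied by the leading bytes. The following is an added example, not code from the original post or the SANS FAQ; the magic values are the public GIF/JPEG/PNG/BMP/WMF header signatures, and the sample files are constructed headers with filler bytes.

```python
import os

# Leading-byte signatures (public file-format magic values)
SIGNATURES = {
    "GIF": (b"GIF87a", b"GIF89a"),
    "JPEG": (b"\xff\xd8\xff",),
    "PNG": (b"\x89PNG\r\n\x1a\n",),
    "BMP": (b"BM",),
    # Placeable (Aldus) WMF: magic key 0x9AC6CDD7 stored little-endian
    "WMF": (b"\xd7\xcd\xc6\x9a",),
}

EXT_TO_FORMAT = {".gif": "GIF", ".jpg": "JPEG", ".jpeg": "JPEG",
                 ".png": "PNG", ".bmp": "BMP", ".wmf": "WMF"}


def sniff_image(data: bytes):
    """Return the format implied by the leading bytes, ignoring the file name."""
    for fmt, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return fmt
    # Standard (non-placeable) WMF header: FileType 1 or 2, HeaderSize 9,
    # Version 0x0100 or 0x0300, each a little-endian WORD.
    if (len(data) >= 6 and data[0] in (1, 2) and data[1] == 0
            and data[2:4] == b"\x09\x00" and data[4:6] in (b"\x00\x01", b"\x00\x03")):
        return "WMF"
    return None


def check_image(name: str, data: bytes) -> dict:
    """Flag a file whose bytes are WMF while its extension claims another format."""
    claimed = EXT_TO_FORMAT.get(os.path.splitext(name)[1].lower())
    actual = sniff_image(data)
    return {"name": name, "claimed": claimed, "actual": actual,
            "wmf_disguised": actual == "WMF" and claimed != "WMF"}


# Constructed samples (not real captured files): a header plus filler bytes.
SAMPLES = {
    "kitten.gif": b"GIF89a" + b"\x00" * 16,
    "ecard.gif": b"\xd7\xcd\xc6\x9a" + b"\x00" * 18,           # placeable WMF behind .gif
    "photo.jpg": b"\x01\x00\x09\x00\x00\x03" + b"\x00" * 16,   # standard WMF behind .jpg
    "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
}


def find_disguised(samples=SAMPLES):
    """Names of files whose bytes are WMF but whose extension says otherwise."""
    return sorted(n for n, d in samples.items() if check_image(n, d)["wmf_disguised"])


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(check_image(name, data))
    print("disguised WMF:", find_disguised())
```

A header check like this is only a coarse triage signal for quarantine or alerting; it does not replace disabling the vulnerable DLL or applying the patch.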



Thanks for the heads up!! Much appreciated.
I am a sinner who does not expect forgiveness, but I am not a government official.
~Francis Wolcott
XBox Live: XRayDevil
I highly suggest those who want to use VMWare for browsing.
http://www.vmware.com/vmtn/vm/browserapp.html
Either that or get a text only web browser (Lynx) for the time being.
XBox Live|Tshirts|My Music|GameFly|xfire
Yup, this sure beats having to edit an xorg.conf file.
Gaming / PC Tech Blog: www.blastprocessing.net
Xbox Live: Legion SB / PSN: Legion_SB / Steam: legion028
Follow me! http://twitter.com/legion
My tinfoil hat whispers that it is clever MS operation aimed at convincing the last Win98 strongholds to upgrade.
I`m Artsy Partsy Gun For Hire
My post didn't do it for you?
Well, anyway, as the SANS folks advise, there is a third-party patch, and a DLL to disable, until MS gets its act together. I've put these on my systems at home, here's hoping.
So I'm going to say it explicitly - use the patch and disable the DLL. This exploit is in the wild.
If wishes were trees the trees would be falling, Listen to reason, Reason is calling
Your feet are going to be on the ground, Your head is there to move you around -- REM
Now you see what you've done? I was all ready to ignore the chance to make a snide comment about how I don't have to worry about this because all the computers I deal with are either Macs or FreeBSD boxes. But you had to go and start the OS feuding, didn't you?
XBL/PSN: zeroKFE | BHA: zeroKFE | Spore: zeroKFE
Wake me up when Linux scales linearly to 144+ threads. Until then, it's just arguing about who's on second.
I don't know what that means but it sounds nerdy. Explain the nerdiness, nerd!
Nice. Now you realize you can never, credibly, call anyone's comments out of place in a thread again, right?
"And my son, too, thinks everything is a launchpad, every bug a meal, and every sunny day a reason to take all your clothes off and roll around in the grass." - rabbit
Sent the article to my IT guy in the office, he didn't seem too bothered by it. Guess we're all gonna die.
I'm not lost. I'm locationally challenged.
Spore Profile
Bunnies?
We shall grapple with the ineffable, and see if we may not eff it after all.
That's somewhat troubling.....unless you're all running on Macs.
XBL: necrocinnabon
EVE Online: Hephaestus Jones
This is it! This is the big one! Luckily I've got a pantry full of canned foods (Spaghetti-O's for years) and I've stocked up on bottled water and duct tape. I'm prepared to ride this one out.
"Even though that place should only be fifteen or twenty minutes away geographically, in actual practice - between the hours of four and seven - Redmond might as well orbit the Earth." - Tycho, Penny Arcade
Maybe this isn't the thread for it, and if it's not, say so... but these viruses are made by someone, right? What purpose are these kinds of viruses fulfilling? Is this just script kiddies out to make a name for themselves, or something else entirely?
Sorry if I sound naive, but I really really don't get it anymore.
Nope, Dell's running XP with full MS packages.
Wouldn't an anti-virus program keep you from getting anything?
You don't have to call me Lieutenant, Rosie......
Woof Woof! That's my other dog imitation...
XBox Live: SwampYankee68
I don't know what most of those fancy words mean, but I think it's saying no, Swamps.
The nasty thing about this is that it defies the standard way that anti-virus products look for virii, definition files. Slashdot has a post with tons of stories about it here.
Do you ever walk alone like a drifter in the dark?
Boy, they ram that stick WAY up there, don't they?
It was a joke, some pretty obvious needling. I'll remember to end it with five smileys next time.
It wasn't me! uhhhh.......
This is Chewbacca.....
The sign of a professional jerk is someone who strenuously argues about something in one thread, brings it up in another and says that this time it was a joke and you're an uptight prude. Truly, a professional
Certis beat me to it. - Elysium
Of course, there's also the little fact that this discussion is almost 100% unrelated to the other one, but why let that get in the way? Or, having now made some sort of defense of Linux in a past discussion, is everything I am to say in the future on the subject of OSs to be a crusade?
And as if sarcastic comments from me are somehow new!
When it comes to forum posts, there's no such thing as "unrelated to another thread", especially when the subject matter is similar. Jerk.
Programmer fight!
"Men like sex, thus boobies! Oogaba!" - dejanzie
"If ads put your sanity to the test
come on down to Rat Boy's nest!
light up a stogie, and soon you'll see
how rock can be commercial-free!
'I'd hit it!'" - HP Lovesauce
Yeah, I noticed you turned my beloved Pacific Division hockey thread into yet another damn discussion about 2K Xbox vs. 360. I want compartmentalization damn it.
EDIT: There, now my posts have a disclaimer.
The ironic part is that this would be about the last place to get ammo for a good anti-MS troll if one were to be made. A newly discovered vulnerability is of course not going to be patched yet. Now if it goes unpatched for a few months, then that'd be a different story.
Though in fairness, I believe Certis is neither a programmer nor a desk jockey.
Lucky bastard.
Xbox Live: StaatsM
Quick update - Microsoft is scheduling a fix to be released on January 10th. The reason for the delay is that they're doing a simultaneous release for all languages and all applicable Windows versions, so they've got a ton of testing to do.
In the meantime, the unofficial patch mentioned by Robear seems to work quite well. Just gotta remember to uninstall it before applying the patch next week!
(BTW, sorry for stealing your thunder, Ro!)
January 10th = second Tuesday of the month. That's their regular patch release schedule.
You didn't, you did a great job of explaining it. I just felt a cough coming on, is all.
Is there an uninstall for the patch?