WMF Exploit: Urgent Update
Sunday January 1, 2006
Irresponsible public disclosure of exploit code for the WMF Image Handling Flaw has led to new public exploits. Those who disabled shimgvw.dll as per previous instructions will not be protected against this latest version of the exploit.
Here's what F-Secure has to say about this latest version of the exploit:
- "It enables clueless newcomers to easily craft highly variable and hard-to-detect variations of image files. Images that take over computers when viewed. And do this on all common Windows platforms. With no vendor patch for the vulnerability available. Meaning that there are hundreds of millions of vulnerable computers in the net right now."
Ilfak Guilfanov, of IDA Pro fame, has created a patch that he says will protect Windows 2000, XP, and Windows 2003 Server. Details and download can be found here: Windows WMF Metafile Vulnerability HotFix. It's definitely worth noting that SANS is endorsing his patch and claims to have thoroughly tested it as well. (This is not to say that you shouldn't test it thoroughly on your own systems before applying it network-wide.)
Is there a chance Ilfak's Windows WMF Metafile Vulnerability HotFix might break something? Sure. That's a risk with any patch or software. But the risk of severe compromise if you don't apply the Ilfak patch is far, far greater. And when Microsoft decides to do something about this extremely critical and widespread flaw in their operating systems, you can apply their patch and remove the one from Ilfak. When you are ready to remove Ilfak's patch, it will be listed in Windows Add/Remove Programs as "Windows WMF Metafile Vulnerability HotFix".
If you use Windows ME or Windows 98, there is no known patch or workaround as yet. So you're left as sitting ducks for the exploit. But there are a few things you can do to help minimize exposure to the exploit. See Staying Safe on a Hostile Internet for details. Additionally, if you use Google Desktop, you should uninstall it until after a patch from Microsoft is released. Google Desktop causes the exploit to render automatically, wherever it is on your system, even if you have never touched the file yourself.

