Windows Metafile WMF Vulnerability - 0-Day Exploit Overdrive
A recently discovered Windows Metafile (WMF stands for “Windows Meta File”) vulnerability is the latest Windows vulnerability to have its own 0-day exploit, and this is a nasty one. A 0-day exploit (also known as a “zero-day exploit”) is an exploit which is already available on the same day as, or even before, the vulnerability itself is announced.
In this case, the reason that the Windows Metafile (WMF) vulnerability is so nasty is that the zero-day exploit is so nasty. And the reason that the 0-day exploit is so nasty is that, in Microsoft’s own words, it “could allow an attacker to execute arbitrary code on the user’s system by hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site.” In other words, by putting a poisoned WMF image on their website, the attacker causes your browser, when you view the image, to open a big gaping security hole into your computer system.
While there have been official sightings of at least three different exploits already taking advantage of the Windows Metafile vulnerability, some sources are citing as many as seventy known malicious programs which can take advantage of the WMF issue.
Explained Mikko Hypponen, Chief Research Officer for security company F-Secure, “Do note that it’s really easy to get burned by this exploit if you’re analyzing it under Windows. All you need to do is to access an infected web site with IE (Internet Explorer) or view a folder with infected files with the Windows Explorer.”
So what can you do? Well, using a browser other than Internet Explorer can help, but it’s no assurance. Opera and Mozilla also render WMFs; however, in most instances, I’m told, they prompt the user before doing so (to which you say a resounding “no!”).
And while there is not yet an official patch from Microsoft (one is expected next week), trusted industry insider Ilfak Guilfanov has made an unofficial patch available through his Hexblog. While that site is taking a lot of heavy hits as people rush to get the patch, Steve Gibson over at Gibson Research has made a mirror available, along with a lot of other information about the Windows Metafile vulnerability. You can check that out over at Gibson Research.
And, of course, make sure that your anti-virus software is up to date. Now!

Hi all,
It’s been an interesting day. I saw your security article and thought you might like to be aware of this. Here’s a post I made recently in a security forum I frequent called Temerc. Since I use mostly Win9x machines at home, I was forced to find an alternative patch for the WMF exploit. The one you mention above is only for WinXP and related OS’s.
*** From me at http://www.temerc.com ***
Hi all,
Today at work we saw our first casualty due to the WMF exploit. One of my co-workers was foolishly searching for and downloading screen savers. Fortunately our IS department noticed the infected machine probing our intranet. The machine was taken offline and given a complete wipe. My co-worker will now spend a good part of tomorrow re-loading all the special software they were running. It’s a hard lesson, but not nearly as hard to take as the chuckles around the water cooler. LOL
I’m guessing it will be a while before they load any screen savers.
Based on what I saw today, I’m becoming more concerned about this exploit. I went out and loaded a temporary fix I found at NOD32. This one works on Win9x, ME, and the rest. It can also be uninstalled at any time through the add-remove panel.
Have fun!
Clif @ http://clifnotes.tk
WMF Patch by Paolo Monti @ http://www.nod32.ch/en/download/tools.php
Comment by Clif Notes — 1/4/2006 @ 10:58 pm