Thursday, January 05, 2006

Unofficial Fix Available; Microsoft Working Slow

UPDATE: Microsoft seems to have supplied its official fix. I haven't checked to see if it's on Windows Update yet. See Microsoft Security Bulletin MS06-001 for details. You can download the patches directly from there too.

Microsoft won't release a fix for its WMF security bug in every Windows operating system since 1990 until January 10.

Huge virus threat rocks Microsoft
NEW YORK ( - The new year is off to a rocky start at Microsoft, where security experts are scrambling to confront a potentially massive virus threat to Windows PCs.

According to a report Tuesday in the Financial Times, the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files. The threat was discovered last week. But it mushroomed over the weekend, when a group of hackers published the source code they used to exploit the flaw.

The bug is pretty bad. If you just happen to VIEW a malicious image (perhaps an attachment on an e-mail or on a new website you are visiting) then you get hit by it. Usually you have to do something to grant the virus access to your system. Now it can happen automatically!

It's a good idea to install the unofficial patch avialable at:

.MSI installer file for WMF flaw available (NEW)
Published: 2006-01-03,
Last Updated: 2006-01-03 16:16:44 UTC by Tom Liston (Version: 1)

For all of you corporate folk out there, we now have a .msi installer file available for version 1.4 of Ilfak Guilfanov's unofficial patch for the Windows .WMF flaw. A very big "thank you" goes out to Evan Anderson of Wellbury Information Services, L.L.C. for his diligent efforts to get this put together. Note: Like Mr. Guilfanov's original patch, this will dump out not only Guilfanov's source code, but also the code that Evan wrote to do the install from within the .msi. Note also: We have reverse engineered and verified that the installation/uninstallation code in the .msi does what it says it does and nothing more. The wmfhotfix.dll installed is the binary equivalent of the previously vetted version 1.4.

WMFHotfix-1.1.14.msi has an MD5 of 0dd56dac6b932ee7abf2d65ec34c5bec
A pgp signature using the SANS ISC key is available as well.

Technorati Tags: , , , , , , , , , , , , , , ,

No comments: