New Exploit (WMF) in the wild for WinXP and others

WMF flaw

I loved Microsoft’s bulletin on this…

“Although the issue is serious and malicious attacks are being attempted, Microsoft’s intelligence sources indicate that the scope of the attacks are not widespread.”

Then they go on to say…

“Customers who follow safe browsing best practices are not likely to be compromised by any exploitation of the WMF vulnerability. Users should take care not to visit unfamiliar or un-trusted Web sites that could potentially host the malicious code.”

Why are you visiting places on the web you’ve never been before? Restrict your browsing to safe places, and everything will be just fine. Right…

Note that this is not a browser issue flaw, it is an OS issue flaw and any browser can have a problem.

There is no official patch for this. There is however a guy that has come up with a patch.

http://www.hexblog.com/2005/12/wmf_vuln.html

His site is almost impossible to get to due to traffic.

Some other sources of it are:

http://www.grc.com/miscfiles/wmffix_hexblog14.exe
http://handlers.sans.org/tliston/WMFHotfix-1.1.14.msi

More info on the flaw:

http://isc.sans.org/

Click on the Internet Threat Level icon.

http://www.f-secure.com/weblog/archives/archive-122005.html#00000754

And MS are “rushing” out a patch for this serious problem!! i.e. next Tuesday 10th!

The code is out there right now M$ !!

Thanks for the info and the links Kevin.
Managed to get through very quickly last night.
The warning only appeared in our daily paper yesterday. Thank goodness for helpful members of this forum.

Interestingly the virus scanner vendors only seem to rate this as a low risk…presumably if you’re already protected by their scanners?

In the meantime, I’m doing a ‘belt and braces’ job. Now I’ll await any info from Microsoft.

Supposedly MS has released the patch this AM (Pacific)

You usually get updates in the USA at least 24hr before us. It may show up on auto update overnight.

It’s available on the website, the XP version insists on SP2, which is a pain. 4 patched and 3 to go :smiley:

If you force a Windows update you’ll pick it up now.

I download automatically but install manually. That saves a bit of time (even at broadband download speeds).

I do likewise. It had downloaded last night - apart from the exiting of WD and clientraw.txt there was little to shut down before restart.

Looks as if the load on the MS update is high, been trying to get all 6 machines here updated, only getting about one an hour, just keep getting “The website encountered…” from MS’s site… not seen this so bad as now…

I agree that reboots are the real pain. This patch may only have been a few seconds, but you sometimes get bigger 10-20MB patches which take nearly a minute to download and you can do a lot more in a minute than you can in just a few seconds :wink:

I updated mine last night. It was already downloaded, just needed to be installed.

One of my forced SP2 upgrades crashed (not MS’s fault), fortunately it did a good job of backing itself out and worked fine the second time but there were some nervous moments there :slight_smile:

I was still on dialup when SP2 came out. Saw the size of it and waited until the disc was available with a mag. Previously, some of the patches were long downloads on dialup.
Living so far from the nearest enabled exchange I can only receive the minimum download speed, but it’s a luxury after dialup.

I like to check what’s going to be installed, but I trust MS enough to download them waiting for installation if I choose to do so.

Seems like WINE is vulnerable too http://blogs.zdnet.com/Ou/index.php?p=146

I thought open source, non-MS software was never susceptible to viruses, trojans or other such nasties :lol:

Administrator boldly goes where :lilangel: fears to tread :lol: