"extremely critical" Windows WMF bug.

Started by Barbarian, Thu 05/01/2006 18:23:50

Previous topic - Next topic

Barbarian

If you follow the tech news, you're probably already aware of a very serious Windows bug that is now starting to be widely exploited by hackers / spyware / trojans, that by simply viewing a specifically malformed picture / image file (even if just viewing it on a webpage), you can have your system infected.
You can read more about the official story from several internet News sites, one such as this: http://news.bbc.co.uk/2/hi/technology/4580852.stm

and HereÃ,  and Here.

More detailed information about this nasty bug can currently be found here:
http://isc.sans.org/diary.php  ,here http://handlers.dshield.org/jullrich/wmffaq.html
and here
http://www.f-secure.com/weblog/archives/archive-012006.html#00000768

Micro$oft does not as of yet have a patch to fix this problem (it's in the works still), and they are trying to downplay the seriousness of the flaw.Ã, 
As far as I know most all version of Windows are vunerable to this bug.Ã,  MicroSoft does not officially support some older versions of Windows, and you may not want to take the risk of having a very serious bug that hackers world-wide are working hard to exploit it as much as possible, while you wait untill MicroSoft finally decides to release a patch.
So, in the meantime, there is a vunerability-checker and an "unofficial" patch that can be downloaded and installed from the following site: http://www.hexblog.com/

This "unofficial" patch has been recommended by many security websites and is deemed to be safe and fully un-installable (that being said, installing any such files is at the users own risk, but I think it's more of a risk not to install some kind of protection while waiting for Micro$oft to get off their ass regarding this problem).

Keep your anti-virus up to date, be careful of opening strange emails or clicking on suspicious links. This is one of the most serious Windows bugs ever exposed, so take care.
Best wishes.
Conan: "To crush your enemies, see them driven before you, and to hear the lamentation of the women!"
Mongol General: "That is good."

Blade of Rage: www.BladeOfRage.com

mwahahaha

Microsoft have been pretty stupid lately, first all that crap with the 360s, now another bug exposed in windows and they're trying to avoid it.  If they want people to actually support them in the future, they should really act more responsibly than releasing a bunch of buggy machines that they claim to have been "fully tested" and now trying to avoid an outcry about a serious bug by pretending it's not important.

Gregjazz

Good programmers rewrite code. Microsoft programmers just try to "patch" up the bugs rather than doing a very necessary rewrite. That's what I've been noticing in Windows, is that even the latest versions of Windows are all built on the really early stuff.

Haddas

Yeah. I've been following this since december. I've been using the unofficial patches for a while now. Also. if you have google desktop installed, get rid of it immediately.

BOYD1981

Quote from: mwahahaha on Thu 05/01/2006 23:12:04
Microsoft have been pretty stupid lately, first all that crap with the 360s, now another bug exposed in windows and they're trying to avoid it.Ã,  If they want people to actually support them in the future, they should really act more responsibly than releasing a bunch of buggy machines that they claim to have been "fully tested" and now trying to avoid an outcry about a serious bug by pretending it's not important.

it's not actually a bug, it's a feature in WMF files that allows code to be executed which was a good idea at the time.
it's not microsoft's fault there are a bunch of pricks about creating these viruses either.

Limey Lizard, Waste Wizard!
01101101011000010110010001100101001000000111100101101111011101010010000001101100011011110110111101101011

LGM

Just don't open a wmf file.. It's not like huge claws are going to reach through the screen and devour your head.

The media is in a lull of news so now they latch on to stuff like this. It's NOT that bad.
You. Me. Denny's.

Gregjazz

Quote from: BOYD1981 on Thu 05/01/2006 23:20:10
it's not actually a bug, it's a feature in WMF files that allows code to be executed which was a good idea at the time.

Novel!

Imagine the amount of genius that it took to come up with that brilliant idea.

Haddas

Quote from: [lgm] on Thu 05/01/2006 23:20:56
Just don't open a wmf file..

The files can be masked as any image format. Only a small amount of these viruses actually end in .wmf


BOYD1981

Quote from: Geoffkhan on Thu 05/01/2006 23:22:50
Quote from: BOYD1981 on Thu 05/01/2006 23:20:10
it's not actually a bug, it's a feature in WMF files that allows code to be executed which was a good idea at the time.

Novel!

Imagine the amount of genius that it took to come up with that brilliant idea.

it was a useful idea at the time and was meant for faxes, something to do with callback code or something (this is back in the days of win3.11), but there weren't as many internet users back then who were shitheads that would exploit it.
stuff like that could be very useful but some turd would come along and exploit it.

Limey Lizard, Waste Wizard!
01101101011000010110010001100101001000000111100101101111011101010010000001101100011011110110111101101011

IM NOT TEH SPAM

And it also (as far as i can tell) is only in xp pro, not home edititon.
APPARENTLY IM ON A "TROLLING SPREE"

Haddas

Tested to go back all the way to windows 98, without a patch for it :)

IM NOT TEH SPAM

Quote from: Haddas on Thu 05/01/2006 23:52:46
Tested to go back all the way to windows 98, without a patch for it :)

Really?  Oh, then damn...
APPARENTLY IM ON A "TROLLING SPREE"


Indie Boy

funny that my windows wants to update at the moment it must be Chicky
I won't use this login.
Try IndieBoy instead

TheYak

MS has released a patch.  Considering the unofficial one was leaked from MS, I think not waiting 10 days (as previously planned) was probably a smart move.  The .WMF, by the way, could be masked as another image file (say a .jpg) embedded in a webpage, and still manage to execute code. 

Anyway, the patch is obtainable now via the usual WinUpdate (which has gotten more high-security setting / firefox friendly). 

BOYD1981

Windows Update has never worked on my pc, all the updates fail to install, i don't see why the hell they can't just release single downloadable files like they used to instead of pimping their wares...

Limey Lizard, Waste Wizard!
01101101011000010110010001100101001000000111100101101111011101010010000001101100011011110110111101101011

Gilbert

So they can track down how frequently would you visit p0rn sites.

Barbarian

#17
Yay! As just mentioned above in this thread, they finally decided released an "official" patch now.
I guess Micro$oft was getting too much heat over the problem and that they initially were going to wait untill the regular Security-Update cycle to release a patch to fix the WMF bug (as probably they may have been earlier thinking if they released the patch out-of-cycle, then it'd be an admission of the seriousness of the flaw, and, heck, Micro$oft is near flawless in it's monopoly wisdom isn't it?Ã,  ;) ).

You can read a recent news article about the Microsoft Patch release here:
http://edition.cnn.com/2006/TECH/internet/01/05/wmfflaw/index.html

Though, I notice, they are not supporting older Windows version such asÃ, 98 and ME, so if you're running one of those older Windows versions it still might be wise to apply the "un-official" patch.

Best regards.
Conan: "To crush your enemies, see them driven before you, and to hear the lamentation of the women!"
Mongol General: "That is good."

Blade of Rage: www.BladeOfRage.com

Haddas

I recall the unofficial pathces morking for 98. However I haven't checked it in a few days. All that was needed for an infection was a 1x1 transparrent image :)

Elliott Hird


SMF spam blocked by CleanTalk