> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Veech > Sent: Monday, January 02, 2006 10:20 PM > To: The Hardware List > Subject: [H] Windows vulnerability? > > > Guys, what's your opinion of this? > > http://www.grc.com/sn/notes-020.htm > > Sounds troubling..
To quote the SANS article, "The Microsoft WMF vulnerability is bad. It is very, very bad." http://isc.sans.org/diary.php?rss&storyid=996 This link defines the problem pretty well. I'll let the article speak for itself. http://antivirus.about.com/od/virusdescriptions/a/wmfexploit_4.htm Any app that displays a WMF (Windows Meatfile) can cause a user's system to become infected. But again, AFAIK this is another example of "social engineering" to the extent that a user must interact or click on a URL that contains infected content. But I don't know if this is 100% correct. There may be other scenarios where a system can become infected. It's a Windows vulnerability and not a browser issue. No difference if one is using IE or Firefox. You don't have to specifically be using Windows Picture and Fax Viewer.If the image is infected it can allegedly install trojans, spyware, toolbars and lots of other nasty stuff. All this occurs on a fully patched Windows system. There is currently no Windows patch for this and may not be available until perhaps next week. AV protection is also a rather dicey affair. http://www.eweek.com/article2/0,1895,1907102,00.asp Thus as of this writing there are only 2 solution. I believe SANS recommends BOTH as they are the only solutions currently available. Unregister the affected .dll. You know the drill: Start/Run regsvr32 -u %windir%\system32\shimgvw.dll There is an unofficial patch for the vulnerability. You can snag it directly from here: http://www.hexblog.com/security/files/wmffix_hexblog13.exe It can be uninstalled when the MS patch becomes available. Bill
