spiderwebwoman

step into my parlor ...


Exploit Released for Unpatched Windows Flaw

http://blogs.washingtonpost.com/securityfix/2005/12/exploit_release.html

Security researchers have released instructions for exploiting a previously unknown security hole in Windows XP and Windows 2003 Web Server with all of the latest patches applied.

Anti-virus company Symantec warned of the new exploit, which it said uses a vulnerability in the way Windows computers process certain image files (Windows Meta Files, or those ending in .wmf).

Update, 12:30 p.m. ET: Several security groups are reporting that it is extremely easy to get whacked by this vulnerability/exploit just by visiting one of a growing number of malicious Web sites that are now employing this attack. F-Secure's blog post on this indicates that -- because the vulnerability lies in the way Windows parses WMF image files -- Firefox and Opera users also can get infected -- although they at least have to agree to download and run a file first. The Sunbelt Blog also has some good information on this exploit, including some nice screenshots of what it looks like when your machine gets hit with this.

What's more, the exploit itself has just been rolled into Metasploit, an open-source vulnerability assessment tool that the bad guys also can use to help automate attacks.

A Microsoft spokesperson said the company is investigating, though no official word from them yet. A couple of security firms, including Verisign's iDefense, have published workarounds that appear to mitigate the threat. According to iDefense, Windows users can disable the rendering of WMF files using the following hack:

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click ok when the change dialog appears.

iDefense notes that this workaround may interfere with certain thumbnail images loading correctly, though I have used the hack on my machine and haven't had any problems yet. The company notes that once Microsoft issues a patch, the WMF feature may be enabled again by entering the command "regsvr32 shimgvw.dll" in step three above.
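As an added example, not code from the article or from iDefense, the same workaround and its reversal as an unattended PowerShell function that can be pushed to many machines and have its result logged. It assumes shimgvw.dll lives in %SystemRoot%\System32, that regsvr32 returns a non-zero exit code on failure, and that the script runs from an elevated session.

```powershell
# Added example (not from the article or iDefense): apply or undo the
# "regsvr32 /u shimgvw.dll" workaround without the click-through steps.
# Assumes shimgvw.dll is in %SystemRoot%\System32 and that regsvr32's
# exit code is non-zero when (un)registration fails. Run elevated.
function Set-WmfRendering {
    [CmdletBinding()]
    param(
        # $false unregisters the DLL (the workaround);
        # $true re-registers it once Microsoft's patch is installed.
        [Parameter(Mandatory)][bool]$Enabled
    )
    $dll = Join-Path $env:SystemRoot 'System32\shimgvw.dll'
    if (-not (Test-Path $dll)) {
        throw "shimgvw.dll not found at $dll; nothing to (un)register."
    }
    # /s suppresses the confirmation dialog from step 4, so no clicks are needed;
    # /u is the unregister switch from step 3 of the workaround.
    $argList = if ($Enabled) { @('/s', $dll) } else { @('/s', '/u', $dll) }
    # regsvr32 is a GUI program, so wait for it explicitly to get its exit code.
    $proc = Start-Process -FilePath 'regsvr32.exe' -ArgumentList $argList `
                          -Wait -PassThru -NoNewWindow
    $action = if ($Enabled) { 'registered' } else { 'unregistered' }
    if ($proc.ExitCode -ne 0) {
        throw "regsvr32 could not have shimgvw.dll $action (exit code $($proc.ExitCode))."
    }
    # Return a small record so the outcome can be collected centrally.
    [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        Dll       = $dll
        WmfViewer = $action
        When      = Get-Date
    }
}

# Apply the workaround now ...
Set-WmfRendering -Enabled $false
# ... and after the patch ships, restore the viewer (step three in reverse):
# Set-WmfRendering -Enabled $true
```

The returned object is what a management tool would log; a thrown error on a non-zero exit code keeps a silent failure from being mistaken for a mitigated machine.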