[ALERT] Second Metafile Vulnerability in Windows!

Status
Not open for further replies.

naveenchandran

In the zone
Sites exploit MS Windows image flaw

Computer users are being alerted to a new flaw in Microsoft Windows which can be used to attack a PC.

The US net watchdog, the Computer Emergency Response Center (Cert), and security firms have issued warnings about certain types of image files called Windows Metafiles.

Experts said numerous websites were taking advantage of the flaw to sneak into computers and install spyware.

Microsoft has said it is looking into the issue.

Spam bots

The flaw centres on the way Microsoft's operating system handles Windows Metafiles (.wmf). These are image files that can contain both vector and bitmap-based picture information.

"Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources" --- Microsoft security advisory

The hole means that an attacker can hide malicious code on a webpage or an e-mail containing files with the wmf extension.

"Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems," said Cert. "However, other versions of the Windows operating system may be at risk as well."

Security firm Websense said it had discovered numerous websites that were using the flaw to infect a PC with spyware.

It said the spyware tried to trick people into handing over their credit card details as well as installing software to send thousands of spam e-mails.

The appearance of the exploit on websites has led security firms to raise the level of alert, with Secunia describing the hole as extremely critical.

Experts say there is no patch available for the flaw, which affects computers running Windows XP, ME, 2000 and Windows Microsoft Windows Server 2003.

"Microsoft is investigating new public reports of a possible vulnerability in Windows," said a security advisory on its website.

"Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers.

"Microsoft encourages users to exercise caution when they open e-mail and links in e-mail from untrusted sources."

It has also provided details of a temporary way around the flaw which involves switching off the Windows Picture and Fax Viewer in Windows XP.

Source: *news.bbc.co.uk/1/hi/technology/4566504.stm
 

LegendKiller

In the zone
PlzRead it!!!

I think guys should take it seriously and do what ever they can :evil:
Kaspersky has released its patch for version 5 and beta-testers plz get hold of newest build(.253)
More news:Neowin.net
Kaspersky:KnowledgeBase(for version5)
KasperskyBeta:Build.253
 

planetcall

Indian by heart
अबंटू का प्रयोग करें अन्यथा जाल हेतु फायरफौक्स स्थापित करें
*img57.exs.cx/img57/8852/203010149541a36196c008f0cy.png
 

LegendKiller

In the zone
Oh my god! that reminded me of my hindi teacher in school who was a phd in hindi from patna university and believe me everything she use to say use to go over my head just like it happened here.... :) :wink:
 
OP
N

naveenchandran

In the zone
Microsoft Statement Concerning Windows Meta File Vulnerability

Microsoft has completed development of a security update to fix the vulnerability and is now testing it for quality and application compatibility, with a goal of releasing the fix worldwide on Jan. 10.

REDMOND, Wash., Jan. 3, 2006 -- On Tuesday, December 27, 2005, Microsoft became aware of public reports of attacks on some customers that exploit a vulnerability in the Windows Meta File (WMF) code area in the Windows platform. Upon learning of the attacks, Microsoft mobilized under its Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope and determine the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement.

Microsoft has completed development of a security update to fix the vulnerability. The security update is now being finalized through testing to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins on the second Tuesday of the month. The update will be released worldwide simultaneously in 23 languages for all affected versions of Windows once it passes a series of rigorous testing procedures. It will be available through Microsoft Update and Windows Update, as well as Microsoft’s Download Center and through Windows Server Update Services for enterprise customers. Customers who use Windows’ Automatic Updates feature will be delivered the fix automatically.

Based on strong customer feedback, all Microsoft’s security updates must pass a series of testing processes, including testing by third-parties, to assure customers that they can be deployed effectively in all languages and for all versions of the platform with minimum down time.

Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement. Although the issue is serious and the attacks are being attempted, Microsoft’s intelligence sources indicate that the scope of the attacks is limited. In addition, attacks exploiting the WMF vulnerability are being effectively mitigated by anti-virus companies with up-to-date signatures.

Customer Guidance

Users should take care not to visit unfamiliar or untrusted Web sites that could potentially host the malicious code. Additionally, consumer customers should follow guidance on safe browsing. Enterprise customers should review Microsoft’s Security Advisory #912840 for up-to-date guidance on how to prevent attacks through exploitation of the WMF vulnerability.

The intentional use of exploit code, in any form, to cause damage to computer users, is a criminal offense. Accordingly, Microsoft continues to assist law enforcement with its investigation of the attacks in this case. Customers who believe they have been attacked should contact their local FBI office or post their complaint on the Internet Fraud Complaint Center Web site. Customers outside the U.S. should contact the national law enforcement agency in their country.

Customers who believe they may have been maliciously attacked by exploitation of the WMF issue can contact Microsoft’s Product Support Services for free assistance by calling the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location: *support.microsoft.com/security. Microsoft also continues to encourage customers to follow our Protect Your PC guidance of enabling a firewall, getting software updates and installing anti-virus software. Customers can learn more about these steps at www.microsoft.com/protect.


Source: *www.microsoft.com/presspass/press/2006/jan06/01-03WMFUpdatePR.mspx
 
OP
N

naveenchandran

In the zone
Round two begins for Microsoft, as they are faced with yet another WMF vulnerability. A hacker who goes by the name “concoruder� posted his two newly discovered WMF vulnerabilities on Monday, on the popular security mailing list Bugtrap.

These two new WMF vulnerabilities are not as serious as the one patched last week, which allowed an attacker to take control of a Windows machine. At worst these new WMF exploits would crash any WMF-viewing software, such as Microsoft's Internet Explorer. According to the Bugtrap posting these vulnerabilities can be found in:

* Windows XP SP2
* Windows XP SP1
* Windows Server 2003 SP1
* Windows Server 2003
* Windows ME
* Windows 98se
* Windows 98
* Windows 2000 SP4


Due to the rather low security risk of these two vulnerabilities, Microsoft will most likely release a patch during its regular scheduled patch cycle.

Source: Neowin.net
 
Status
Not open for further replies.
Top Bottom