If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
FYI - Warning. New Windows vulnerabilty.
You may have heard about this already but just in case :
http://www.microsoft.com/technet/sec...ry/912840.mspx http://securityresponse.symantec.com...xploit.56.html What is the scope of the advisory? Microsoft is aware of a new vulnerability report affecting the Graphics Rendering Engine in Microsoft Windows. Is this a security vulnerability that requires Microsoft to issue a security update? We are currently investigating the issue to determine the appropriate course of action for customers. We will include the fix for this issue in an upcoming security bulletin. What causes the vulnerability? A vulnerability exists in the way specially crafted Windows Metafile (WMF) images are handled that could allow arbitrary code to be executed. What is the Windows Metafile (WMF) image format? A Windows Metafile (WMF) image is a 16-bit metafile format that can contain both vector information and bitmap information. It is optimized for the Windows operating system. What might an attacker use the vulnerability to do? An attacker who successfully exploited this vulnerability could take complete control of the affected system. In a Web-based attack scenario, an attacker would host a Web site that exploits this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems. How could an attacker exploit the vulnerability? An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site. I am reading e-mail in plain text, does this help mitigate the vulnerability? Yes. Reading e-mail in plain text does mitigate this vulnerability where the e-mail vector is concerned although clicking on a link would still put users at risk. Does this vulnerability affect image formats other than Windows Metafile (WMF)? At this point, the only image format affected is the Windows Metafile (WMF) format. It is possible however than an attacker could rename the file extension of a WMF file to that of a different image format. In this situation, it is likely that the Graphic Rendering engine would detect and render the file as a WMF image which could allow exploitation. John L Rice |
#2
|
|||
|
|||
FYI - Warning. New Windows vulnerabilty.
You folks have fun with your virus collection units. I'll stick with my Macs. |
#3
|
|||
|
|||
FYI - Warning. New Windows vulnerabilty.
"Randall Ainsworth" wrote in message ... You folks have fun with your virus collection units. I'll stick with my Macs. Haha - Amigas are SO much better than Macs! ;-) John |
#4
|
|||
|
|||
FYI - Warning. New Windows vulnerabilty.
Randall Ainsworth wrote:
You folks have fun with your virus collection units. I agree. I'm not using a mac ( I run linux on my PC) but I just don't understand why anyone would connect a windows machine to the net when there are other choices that are FAR more secure and are free! Any OS that defaults to running as the root user with NO warnings as to why this is bad (It's not even explained at their "security center"!) is bound to be a problem. -- Stacey |
#5
|
|||
|
|||
FYI - Warning. New Windows vulnerabilty.
In ,
John L Rice scribed: You may have heard about this already but just in case : snipped If anyone is interested, until Microsoft get their fingers out and patch for this exploit! (rumoured not to be available until 06 Jan at earliest) There is a temporary patch can be downloaded from: http://www.hexblog.com/ hth Nigel |
#6
|
|||
|
|||
FYI - Warning. New Windows vulnerabilty.
"Stacey" wrote in message ... Randall Ainsworth wrote: You folks have fun with your virus collection units. I agree. I'm not using a mac ( I run linux on my PC) but I just don't understand why anyone would connect a windows machine to the net when there are other choices that are FAR more secure and are free! Any OS that defaults to running as the root user with NO warnings as to why this is bad (It's not even explained at their "security center"!) is bound to be a problem. A quote from SC Magazine (vol. 16, Dec 2005): "While the incidence of new traditional file viruses continues to decline, the incidence of both rootkits and Linux-based malware has increased dramatically in the past two months." Apple and Linux users are now going to share the joy of malware. Sorry, that's just how it works. |
#7
|
|||
|
|||
FYI - Warning. New Windows vulnerabilty.
"Randall Ainsworth" wrote in message ... You folks have fun with your virus collection units. I'll stick with my Macs. Feeling insecure about yourself, again, Randall? It sure seems that way, Randall. Get some help, Randall. Bob |
#8
|
|||
|
|||
FYI - Warning. New Windows vulnerabilty.
"John L Rice" a écrit dans le message de ... "Randall Ainsworth" wrote in message ... You folks have fun with your virus collection units. I'll stick with my Macs. Haha - Amigas are SO much better than Macs! ;-) And SO much dedder. Sorry, I loved my Amiga but I have moved on. Jean |
#9
|
|||
|
|||
FYI - Warning. New Windows vulnerabilty.
Anyone vulnerable to malware simply is not using the right tools to
stop it. The funniest thing is when someone gets "machine gunned" with 100 popups in a few seconds. There is no reason for anyone to have to go to Macs or other non-Windows or Linux systems. -Get a good adware/malware killer like Microsoft's or Adware -Virus cleaner -Registry cleaner -Make sure popup blockers of some kind are working. A good free one is Panicware. All problems solved. This does not excuse Microsoft's pathetic lag-time in addressing these issues which started over a decade ago. |
#10
|
|||
|
|||
FYI - Warning. New Windows vulnerabilty.
RichA wrote:
Anyone vulnerable to malware simply is not using the right tools to stop it. The funniest thing is when someone gets "machine gunned" with 100 popups in a few seconds. There is no reason for anyone to have to go to Macs or other non-Windows or Linux systems. -Get a good adware/malware killer like Microsoft's or Adware -Virus cleaner -Registry cleaner -Make sure popup blockers of some kind are working. A good free one is Panicware. Wow, I don't need any of the above except for the last. Adware, viruses, and registry, what are those? Greg -- "All my time I spent in heaven Revelries of dance and wine Waking to the sound of laughter Up I'd rise and kiss the sky" - The Mekons |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
FYI - Warning. New Windows vulnerabilty. | John L Rice | Digital Photography | 1 | January 3rd 06 08:28 AM |
Alias Maya Unlimited v6.0.1 Linux, Alias Maya Unlimited v6.0.1 Windows, Gnomon Maya stuff 2004 DVDs, CDs, rip | te2 | Film & Labs | 1 | January 26th 05 05:40 AM |
Opening Pentax *ist DS RAW .PEF files in Windows 98? | Helen Edith Stephenson | Digital SLR Cameras | 24 | January 10th 05 08:16 AM |
rotating JPG's, Windows explorer context menu, ImageMagick, anyone? | Robert Barr | Digital Photography | 20 | December 10th 04 12:41 AM |
Windows XP and Mac OS-X put "stuff" on my card | Bruce Patis | Digital Photography | 13 | October 10th 04 04:45 AM |