FYI - Warning. New Windows vulnerabilty.

You may have heard about this already but just in case :

http://www.microsoft.com/technet/sec...ry/912840.mspx

http://securityresponse.symantec.com...xploit.56.html

What is the scope of the advisory?
Microsoft is aware of a new vulnerability report affecting the Graphics
Rendering Engine in Microsoft Windows.

Is this a security vulnerability that requires Microsoft to issue a security
update?
We are currently investigating the issue to determine the appropriate course
of action for customers. We will include the fix for this issue in an
upcoming security bulletin.

What causes the vulnerability?
A vulnerability exists in the way specially crafted Windows Metafile (WMF)
images are handled that could allow arbitrary code to be executed.

What is the Windows Metafile (WMF) image format?
A Windows Metafile (WMF) image is a 16-bit metafile format that can contain
both vector information and bitmap information. It is optimized for the
Windows operating system.

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take
complete control of the affected system. In a Web-based attack scenario, an
attacker would host a Web site that exploits this vulnerability. An attacker
would have no way to force users to visit a malicious Web site. Instead, an
attacker would have to persuade them to visit the Web site, typically by
getting them to click a link that takes them to the attacker's site. It
could also be possible to display specially crafted Web content by using
banner advertisements or by using other methods to deliver Web content to
affected systems.

How could an attacker exploit the vulnerability?
An attacker could host a malicious Web site that is designed to exploit this
vulnerability through Internet Explorer and then persuade a user to view the
Web site.

I am reading e-mail in plain text, does this help mitigate the
vulnerability?
Yes. Reading e-mail in plain text does mitigate this vulnerability where the
e-mail vector is concerned although clicking on a link would still put users
at risk.

Does this vulnerability affect image formats other than Windows Metafile
(WMF)?
At this point, the only image format affected is the Windows Metafile (WMF)
format. It is possible however than an attacker could rename the file
extension of a WMF file to that of a different image format. In this
situation, it is likely that the Graphic Rendering engine would detect and
render the file as a WMF image which could allow exploitation.


John L Rice

You folks have fun with your virus collection units.

I'll stick with my Macs.

"Randall Ainsworth" wrote in message
...

You folks have fun with your virus collection units.

I'll stick with my Macs.

Haha - Amigas are SO much better than Macs! ;-)

John

Randall Ainsworth wrote:


You folks have fun with your virus collection units.



I agree. I'm not using a mac ( I run linux on my PC) but I just don't
understand why anyone would connect a windows machine to the net when there
are other choices that are FAR more secure and are free! Any OS that
defaults to running as the root user with NO warnings as to why this is bad
(It's not even explained at their "security center"!) is bound to be a
problem.
--

Stacey

In ,
John L Rice scribed:
You may have heard about this already but just in case :

snipped

If anyone is interested, until Microsoft get their fingers out and patch for
this exploit! (rumoured not to be available until 06 Jan at earliest) There
is a temporary patch can be downloaded from:

http://www.hexblog.com/

hth
Nigel

"Stacey" wrote in message
...
Randall Ainsworth wrote:


You folks have fun with your virus collection units.



I agree. I'm not using a mac ( I run linux on my PC) but I just don't
understand why anyone would connect a windows machine to the net when
there
are other choices that are FAR more secure and are free! Any OS that
defaults to running as the root user with NO warnings as to why this is
bad
(It's not even explained at their "security center"!) is bound to be a
problem.

A quote from SC Magazine (vol. 16, Dec 2005): "While the incidence of new
traditional file viruses continues to decline, the incidence of both
rootkits and Linux-based malware has increased dramatically in the past two
months."

Apple and Linux users are now going to share the joy of malware. Sorry,
that's just how it works.

"Randall Ainsworth" wrote in message
...

You folks have fun with your virus collection units.

I'll stick with my Macs.


Feeling insecure about yourself, again, Randall?

It sure seems that way, Randall.

Get some help, Randall.

Bob

"John L Rice" a écrit dans le message de
...

"Randall Ainsworth" wrote in message
...

You folks have fun with your virus collection units.

I'll stick with my Macs.

Haha - Amigas are SO much better than Macs! ;-)


And SO much dedder. Sorry, I loved my Amiga but I have moved on.

Jean

Anyone vulnerable to malware simply is not using the right tools to
stop it.
The funniest thing is when someone gets "machine gunned" with 100
popups
in a few seconds. There is no reason for anyone to have to go to Macs
or other
non-Windows or Linux systems.
-Get a good adware/malware killer like Microsoft's or Adware
-Virus cleaner
-Registry cleaner
-Make sure popup blockers of some kind are working. A good free one is
Panicware.

All problems solved. This does not excuse Microsoft's pathetic
lag-time in addressing
these issues which started over a decade ago.

RichA wrote:
Anyone vulnerable to malware simply is not using the right tools to
stop it.
The funniest thing is when someone gets "machine gunned" with 100
popups
in a few seconds. There is no reason for anyone to have to go to Macs
or other
non-Windows or Linux systems.
-Get a good adware/malware killer like Microsoft's or Adware
-Virus cleaner
-Registry cleaner
-Make sure popup blockers of some kind are working. A good free one is
Panicware.


Wow, I don't need any of the above except for the last. Adware,
viruses, and registry, what are those?

Greg

--
"All my time I spent in heaven
Revelries of dance and wine
Waking to the sound of laughter
Up I'd rise and kiss the sky" - The Mekons