01-05-2006, 02:35 AM
Wesley Vogel
Re: What is everyone doing about this security flaw til 1/10/06

Which is worse, a hurry-up-untested-fix or the exploit?

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:%233fvvhOEGHA.1312@TK2MSFTNGP09.phx.gbl,
woody <woody@woohoo.ca> hunted and pecked:
> Here is a temporary fix.
>
> http://www.grc.com/sn/notes-020.htm
>
> Good luck.
>
> Woody
>
> "dblues" <dblues@discussions.microsoft.com> wrote in message
> news:C4E2B543-C7A3-4240-A8E6-5E61E614C405@microsoft.com...
>> NEW YORK (Dow Jones)--Microsoft Corp. (MSFT) plans to release a patch
>> for a new security flaw at its next scheduled update release on Jan. 10,
>> leaving users largely unprotected until then from a rapidly spreading
>> computer virus strain.
>>
>> "Microsoft's delay is inexcusable," said Alan Paller, director of
>> research at computer security group SANS Institute. "There's no excuse
>> other than incompetence and negligence."
>>
>> "It's a problem that there's no known solution from Microsoft," said
>> Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC)
>> security response team.
>>
>> SANS Institute, via its Internet Storm Center, has taken the unusual
>> step of releasing its own patch for the problem until a
>> Microsoft-approved fix is available. "It's not something we like to do,"
>> said Paller.
>>
>> The Internet Storm Center, which tracks viruses and other outbreaks on
>> the Web, increased the threat level to "yellow" - a warning that means a
>> significant new threat is developing.
>>
>> Microsoft said evaluation and testing affect the timing of security
>> patches. "Creating security updates that effectively fix vulnerabilities
>> is an extensive process. There are many factors that impact the length
>> of time between the discovery of a vulnerability and the release of a
>> security update," Microsoft said in a security advisory on its Web site.
>>
>> "Quality is the gating factor," said a Microsoft spokeswoman. The
>> company views the issue as "serious," but believes that "the scope of
>> the attacks is not widespread," she added.
>>
>> The attack is the latest to hit Microsoft, despite redoubled efforts to
>> respond to security threats. With more than 90% of personal computers
>> running Windows, it represents the biggest target for hackers.
>>
>> The virus began spreading last week, as hackers took advantage of a
>> previously unknown flaw in Windows Meta File code in what is known as a
>> "zero-day attack."
>>
>> The small amount of code in the virus can call down other programs that
>> could install spyware to steal personal data or turn a system into a
>> "bot" (a computer controlled by hackers).
>>
>> "The flaw is fairly significant in terms of its reach," said Alain
>> Sergile, product manager at Internet Security Systems Inc.'s (ISSX)
>> X-Force threat analysis service.
>>
>> The bug was found in current server and desktop versions of Windows and
>> is considered serious because it requires relatively minor user
>> interaction to be unleashed. The virus is carried in picture files and
>> can be triggered if an image is viewed in an email or on an infected Web
>> site. It is also being distributed through Instant Messenger.
>>
>> Johannes Ullrich, chief research officer at SANS Institute, said there
>> are hundreds of Web sites that carry the infected images, and he's
>> tracking the possibility that an online ad service is serving up
>> infected image files. He says 5% to 10% of users appear to be infected,
>> "an order of magnitude more than other attacks."
>>
>> Google Inc.'s (GOOG) desktop search tool can also trigger the virus as
>> it indexes files on a computer, even if the image hasn't been viewed by
>> the user.
>>
>> The virus takes advantage of the way Windows processes Windows Meta
>> Files, or WMF, images. These file types can carry more common .jpg
>> extensions, but still carry the malicious code.
>>
>> Microsoft recommends users unregister a file called shimgvw.dll. "While
>> this workaround will not correct the underlying vulnerability, it helps
>> block known attack vectors," the software maker says in its security
>> advisory.
>>
>> Security experts are advising people to turn off preview panes in email
>> programs like Outlook and be very careful about what web sites they
>> visit and what emails they open.
>>
>> -By Chris Reiter, Dow Jones Newswires; 201-938-5244;
>> chris.reiter@dowjones.com


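The quoted article notes that WMF files can carry a .jpg extension and still be handled as metafiles, so filtering on extension alone misses them. As an added example (not part of the original post or the article), this Python code flags files whose leading bytes form a WMF header while the extension claims another type; the function names and sample bytes are constructed for illustration, and only header structure is checked.

```python
import os
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # magic of the optional 22-byte placeable header

def looks_like_wmf(data: bytes) -> bool:
    """True if data begins with a plausible WMF header (placeable or bare)."""
    offset = 0
    if len(data) >= 22 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        offset = 22  # standard header follows the placeable one
    if len(data) < offset + 18:
        return False
    # Standard header: type, header size (words), version, file size (words),
    # object count, largest record size, unused member count.
    ftype, hdr_words, version, size_words, _objs, _maxrec, _unused = \
        struct.unpack_from("<HHHIHIH", data, offset)
    return (ftype in (1, 2) and hdr_words == 9
            and version in (0x0100, 0x0300) and size_words >= 9)

def disguised_wmf(filename: str, head: bytes) -> bool:
    """True if the content is WMF but the extension says something else."""
    return looks_like_wmf(head) and not filename.lower().endswith(".wmf")

def scan(root: str) -> list:
    """Return paths under root whose content is WMF behind another extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(40)  # both headers fit in 40 bytes
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if disguised_wmf(name, head):
                hits.append(path)
    return hits

def sample_header(placeable: bool) -> bytes:
    """Constructed, harmless WMF bytes: header(s) plus an end-of-file record."""
    std = struct.pack("<HHHIHIH", 1, 9, 0x0300, 12, 0, 3, 0)
    eof = struct.pack("<IH", 3, 0)
    pre = struct.pack("<IH4hHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0)
    return (pre if placeable else b"") + std + eof

# Constructed sample: the first bytes of a JPEG/JFIF file, zero-padded.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00".ljust(40, b"\x00")

if __name__ == "__main__":
    for hit in scan("."):
        print("WMF content behind another extension:", hit)
```

A hit means only that the file is a metafile under another name, not that it is malicious; it marks files worth quarantining or inspecting before any viewer or indexer opens them.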