Thread: What is everyone doing about this security flaw til 1/10/06
View Single Post
  #8  
Old 01-05-2006, 02:35 AM
Trax
 
Posts: n/a
Default Re: What is everyone doing about this security flaw til 1/10/06
"woody" <woody@woohoo.ca> wrote:

|>Here is a temporary fix.
|>
|>http://www.grc.com/sn/notes-020.htm
|>
|>Good luck.

I just ran the test, looks like XP SP2's Data Execution Prevention
(DEP) blocks the exploit.
http://www.microsoft.com/technet/pro.../sp2mempr.mspx
shorter link http://tinyurl.com/4o6bb

|>Woody
|>
|>"dblues" <dblues@discussions.microsoft.com> wrote in message
|>news:C4E2B543-C7A3-4240-A8E6-5E61E614C405@microsoft.com...
|>> NEW YORK (Dow Jones)--Microsoft Corp. (MSFT) plans to release a patch for
|>> a
|>> new security flaw at its next scheduled update release on Jan. 10, leaving
|>> users largely unprotected until then from a rapidly spreading computer
|>> virus
|>> strain.
|>>
|>> "Microsoft's delay is inexcusable," said Alan Paller, director of research
|>> at computer security group SANS Institute. "There's no excuse other than
|>> incompetence and negligence."
|>>
|>> "It's a problem that there's no known solution from Microsoft," said
|>> Alfred
|>> Huger, senior director of engineering at Symantec Corp.'s (SYMC) security
|>> response team.
|>>
|>> SANS Institute, via its Internet Storm Center, has taken the unusual step
|>> of
|>> releasing its own patch for the problem until a Microsoft-approved fix is
|>> available. "It's not something we like to do," said Paller.
|>>
|>> The Internet Storm Center, which tracks viruses and other outbreaks on the
|>> Web, increased the threat level to "yellow" - a warning that means a
|>> significant new threat is developing.
|>>
|>> Microsoft said evaluation and testing affect the timing of security
|>> patches.
|>> "Creating security updates that effectively fix vulnerabilities is an
|>> extensive process. There are many factors that impact the length of time
|>> between the discovery of a vulnerability and the release of a security
|>> update," Microsoft said in a security advisory on its Web site.
|>>
|>> "Quality is the gating factor," said a Microsoft spokeswoman. The company
|>> views the issue as "serious," but believes that "the scope of the attacks
|>> is
|>> not widespread," she added.
|>>
|>> The attack is the latest to hit Microsoft, despite redoubled efforts to
|>> respond to security threats. With more than 90% of personal computers
|>> running
|>> Windows, it represents the biggest target for hackers.
|>>
|>> The virus began spreading last week, as hackers took advantage of a
|>> previously unknown flaw in Windows Meta File code in what is known as a
|>> "zero-day attack."
|>>
|>> The small amount of code in the virus can call down other programs that
|>> could install spyware to steal personal data or turn a system into a "bot"
|>> (a
|>> computer controlled by hackers).
|>>
|>> "The flaw is fairly significant in terms of its reach," said Alain
|>> Sergile,
|>> product manager at Internet Security Systems Inc.'s (ISSX) X-Force threat
|>> analysis service.
|>>
|>> The bug was found in current server and desktop versions of Windows and is
|>> considered serious because it requires relatively minor user interaction
|>> to
|>> be unleashed. The virus is carried in picture files and can be triggered
|>> if
|>> an image is viewed in an email or on an infected Web site. It is also
|>> being
|>> distributed through Instant Messenger.
|>>
|>> Johannes Ullrich, chief research officer at SANS Institute, said there are
|>> hundreds of Web sites that carry the infected images, and he's tracking
|>> the
|>> possibility that an online ad service is serving up infected image files.
|>> He
|>> says 5% to 10% of users appear to be infected, "an order of magnitude more
|>> than other attacks."
|>>
|>> Google Inc.'s (GOOG) desktop search tool can also trigger the virus as it
|>> indexes files on a computer, even if the image hasn't been viewed by the
|>> user.
|>>
|>> The virus takes advantage of the way Windows processes Windows Meta Files,
|>> or WMF, images. These file types can carry more common .jpg extensions,
|>> but
|>> still carry the malicious code.
|>>
|>> Microsoft recommends users unregister a file called shimgvw.dll. "While
|>> this
|>> workaround will not correct the underlying vulnerability, it helps block
|>> known attack vectors," the software maker says in its security advisory.
|>>
|>> Security experts are advising people to turn off preview panes in email
|>> programs like Outlook and be very careful about what web sites they visit
|>> and
|>> what emails they open.
|>>
|>> -By Chris Reiter, Dow Jones Newswires; 201-938-5244;
|>> chris.reiter@dowjones.com
|>>
|>


--
http://blueballfixed.ytmnd.com/
Reply With Quote