  #9  
01-05-2006, 02:35 AM
Tom [Pepper] Willett
Re: What is everyone doing about this security flaw til 1/10/06

According to Microsoft's WMF security advisory, only HARDWARE DEP works.

Tom
"Trax" <Pennywise@DerryMaine.Gov> wrote in message
news:96qmr191tjmlo1ugr0rlvrf86t69af1m5j@4ax.com...
| "woody" <woody@woohoo.ca> wrote:
|
||>Here is a temporary fix.
||>
||>http://www.grc.com/sn/notes-020.htm
||>
||>Good luck.
|
| I just ran the test, looks like XP SP2's Data Execution Prevention
| (DEP) blocks the exploit.
|
| http://www.microsoft.com/technet/pro.../sp2mempr.mspx
| shorter link http://tinyurl.com/4o6bb
|
||>Woody
||>
||>"dblues" <dblues@discussions.microsoft.com> wrote in message
||>news:C4E2B543-C7A3-4240-A8E6-5E61E614C405@microsoft.com...
||>> NEW YORK (Dow Jones)--Microsoft Corp. (MSFT) plans to release a patch
||>> for a new security flaw at its next scheduled update release on Jan. 10,
||>> leaving users largely unprotected until then from a rapidly spreading
||>> computer virus strain.
||>>
||>> "Microsoft's delay is inexcusable," said Alan Paller, director of
||>> research at computer security group SANS Institute. "There's no excuse
||>> other than incompetence and negligence."
||>>
||>> "It's a problem that there's no known solution from Microsoft," said
||>> Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC)
||>> security response team.
||>>
||>> SANS Institute, via its Internet Storm Center, has taken the unusual
||>> step of releasing its own patch for the problem until a
||>> Microsoft-approved fix is available. "It's not something we like to
||>> do," said Paller.
||>>
||>> The Internet Storm Center, which tracks viruses and other outbreaks on
||>> the Web, increased the threat level to "yellow" - a warning that means a
||>> significant new threat is developing.
||>>
||>> Microsoft said evaluation and testing affect the timing of security
||>> patches. "Creating security updates that effectively fix
||>> vulnerabilities is an extensive process. There are many factors that
||>> impact the length of time between the discovery of a vulnerability and
||>> the release of a security update," Microsoft said in a security
||>> advisory on its Web site.
||>>
||>> "Quality is the gating factor," said a Microsoft spokeswoman. The
||>> company views the issue as "serious," but believes that "the scope of
||>> the attacks is not widespread," she added.
||>>
||>> The attack is the latest to hit Microsoft, despite redoubled efforts to
||>> respond to security threats. With more than 90% of personal computers
||>> running Windows, it represents the biggest target for hackers.
||>>
||>> The virus began spreading last week, as hackers took advantage of a
||>> previously unknown flaw in Windows Meta File code in what is known as a
||>> "zero-day attack."
||>>
||>> The small amount of code in the virus can call down other programs that
||>> could install spyware to steal personal data or turn a system into a
||>> "bot" (a computer controlled by hackers).
||>>
||>> "The flaw is fairly significant in terms of its reach," said Alain
||>> Sergile, product manager at Internet Security Systems Inc.'s (ISSX)
||>> X-Force threat analysis service.
||>>
||>> The bug was found in current server and desktop versions of Windows and
||>> is considered serious because it requires relatively minor user
||>> interaction to be unleashed. The virus is carried in picture files and
||>> can be triggered if an image is viewed in an email or on an infected
||>> Web site. It is also being distributed through Instant Messenger.
||>>
||>> Johannes Ullrich, chief research officer at SANS Institute, said there
||>> are hundreds of Web sites that carry the infected images, and he's
||>> tracking the possibility that an online ad service is serving up
||>> infected image files. He says 5% to 10% of users appear to be infected,
||>> "an order of magnitude more than other attacks."
||>>
||>> Google Inc.'s (GOOG) desktop search tool can also trigger the virus as
||>> it indexes files on a computer, even if the image hasn't been viewed by
||>> the user.
||>>
||>> The virus takes advantage of the way Windows processes Windows Meta
||>> Files, or WMF, images. These file types can carry more common .jpg
||>> extensions, but still carry the malicious code.
||>>
||>> Microsoft recommends users unregister a file called shimgvw.dll. "While
||>> this workaround will not correct the underlying vulnerability, it helps
||>> block known attack vectors," the software maker says in its security
||>> advisory.
||>>
||>> Security experts are advising people to turn off preview panes in email
||>> programs like Outlook and be very careful about what web sites they
||>> visit and what emails they open.
||>>
||>> -By Chris Reiter, Dow Jones Newswires; 201-938-5244;
||>> chris.reiter@dowjones.com
||>>
||>
|
|
| --
| http://blueballfixed.ytmnd.com/

