01-05-2006, 02:50 AM
Chris H.
Re: WMF Exploit!!! Install this patch now!

Yes, they should. How can you trust some sites which have claimed for more
than four years that Universal Plug and Play is going to "bring down the
Internet"? ROFLOL! Yup, the Internet failed in 2001. Right.
--
Chris H.
Microsoft Windows MVP/Tablet PC
Tablet Creations - http://nicecreations.us/
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone


"Josh Einstein" <josheinstein@hotmail.com> wrote in message
news:OddXjBJEGHA.2036@TK2MSFTNGP14.phx.gbl...
> I'm just saying people should trust security experts. There *are* people
> out there more qualified to give security guidance than you or MS. SANS,
> F-secure, and Steve Gibson are 3 such parties.
>
> The patch may be unknown to or untested by you, but not to those security
> experts.
>
> --
> Josh Einstein
> Tablet Enhancements for Outlook 2.0 - Try it free for 14 days
> www.tabletoutlook.com
>
> "Chris H." <winxpnews@hotmail.com> wrote in message
> news:eNZBS6IEGHA.140@TK2MSFTNGP12.phx.gbl...
>> Please speak for yourself only, Josh. This is a serious subject, and you
>> shouldn't be letting your personal opinions about people interfere with
>> guiding users in the right direction. It is irresponsible for anyone to
>> download and install such an unknown, untested patch. Microsoft's
>> security bulletin, in part, already issued on the subject:
>> =====
>> Microsoft Security Advisory (912840)
>> Vulnerability in Graphics Rendering Engine Could Allow Remote Code
>> Execution.
>> Microsoft is investigating new public reports of a vulnerability in
>> Windows. Microsoft will continue to investigate the public reports to
>> help provide additional guidance for customers.
>> Microsoft is aware of detailed exploit code that could allow an attacker
>> to execute arbitrary code in the security context of the logged on user
>> when visiting a Web site, which contains a specially crafted Windows
>> Metafile (WMF) image. An attacker would have no way to force users to
>> visit a malicious Web site. Instead, an attacker would have to persuade
>> them to visit the Web site, typically by getting them to click a link
>> that takes them to the attacker's Web site.
>> Customers are encouraged to keep their antivirus software up to date. The
>> Microsoft Windows AntiSpyware (Beta) can also help protect your system
>> from spyware and other potentially unwanted software. We will continue to
>> investigate these public reports.
>> Upon completion of this investigation, Microsoft will take the
>> appropriate action to help protect our customers. This will include
>> providing a security update through our monthly release process or
>> providing an out-of-cycle security update, depending on customer needs.
>> Microsoft encourages users to exercise caution when they open e-mail and
>> links in e-mail from untrusted sources. For more information about Safe
>> Browsing, visit the Trustworthy Computing Web site.
>> We continue to encourage customers to follow our Protect Your PC guidance
>> of enabling a firewall, applying software updates and installing
>> antivirus software. Customers can learn more about these steps at the
>> Protect Your PC Web site.
>> Customers who believe they may have been affected by this issue can
>> contact Product Support Services. You can contact Product Support
>> Services in the United States and Canada at no charge using the PC Safety
>> line (1 866-PCSAFETY). Customers outside of the United States and Canada
>> can locate the number for no-charge virus support by visiting the
>> Microsoft Help and Support Web site.
>> Mitigating Factors:
>> · In a Web-based attack scenario, an attacker would have to host
>> a Web site that contains a Web page that is used to exploit this
>> vulnerability. An attacker would have no way to force users to visit a
>> malicious Web site. Instead, an attacker would have to persuade them to
>> visit the Web site, typically by getting them to click a link that takes
>> them to the attacker's Web site.
>> · An attacker who successfully exploited this vulnerability
>> could gain the same user rights as the local user. Users whose accounts
>> are configured to have fewer user rights on the system could be less
>> impacted than users who operate with administrative user rights.
>> · By default, Internet Explorer on Windows Server 2003, on
>> Windows Server 2003 Service Pack 1, on Windows Server 2003 with Service
>> Pack 1 for Itanium-based Systems, and on Windows Server 2003 x64 Edition
>> runs in a restricted mode that is known as Enhanced Security
>> Configuration. This mode mitigates this vulnerability where the e-mail
>> vector is concerned although clicking on a link would still put users at
>> risk. In Windows Server 2003, Microsoft Outlook Express uses plain text
>> for reading and sending messages by default. When replying to an e-mail
>> message that is sent in another format, the response is formatted in
>> plain text. See the FAQ section of this vulnerability for more
>> information about Internet Explorer Enhanced Security Configuration.
>> =====
>> --
>> Chris H.
>> Microsoft Windows MVP/Tablet PC
>> Tablet Creations - http://nicecreations.us/
>> Associate Expert
>> Expert Zone - www.microsoft.com/windowsxp/expertzone
>>
>> "Josh Einstein" <josheinstein@hotmail.com> wrote in message
>> news:u8AIybIEGHA.3000@TK2MSFTNGP14.phx.gbl...
>>> This is a typical response from Chris who only trusts MS's word as
>>> gospel. But rather than linking directly to the EXE you should link to
>>> the page where the user can download it. Direct EXE links are
>>> irresponsible to click as well. Especially considering that they are so
>>> easily spoofed.
>>>
>>> --
>>> Josh Einstein
>>> Tablet Enhancements for Outlook 2.0 - Try it free for 14 days
>>> www.tabletoutlook.com
>>>
>>> "Jim" <reply@groups.please> wrote in message
>>> news:kMwuf.37341$Lb1.8673@bignews3.bellsouth.net.. .
>>>> Chris,
>>>>
>>>> You are acting in an extremely irresponsible manner. This is one of
>>>> the largest exploits ever to hit the Windows platform (in number of
>>>> machines affected), and you are telling people to do nothing.
>>>>
>>>> The only thing more irresponsible than your post is Microsoft's
>>>> refusal to take immediate action for such an exploit.
>>>>
>>>> Jim
>>>>
>>>> "Chris H." <winxpnews@hotmail.com> wrote in message
>>>> news:um047fHEGHA.140@TK2MSFTNGP12.phx.gbl...
>>>>> Microsoft has not released a patch at this point. Please do not
>>>>> download or install a patch from any other source.
>>>>> --
>>>>> Chris H.
>>>>> Microsoft Windows MVP/Tablet PC
>>>>> Tablet Creations - http://nicecreations.us/
>>>>> Associate Expert
>>>>> Expert Zone - www.microsoft.com/windowsxp/expertzone