01-05-2006, 02:12 AM
Chris H.
Re: WMF Exploit!!! Install this patch now!

Please speak for yourself only, Josh. This is a serious subject, and you
shouldn't be letting your personal opinions about people interfere with
guiding users in the right direction. It is irresponsible for anyone to
download and install such an unknown, untested patch. Microsoft's security
bulletin, in part, already issued on the subject:
=====
Microsoft Security Advisory (912840)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code
Execution.
Microsoft is investigating new public reports of a vulnerability in Windows.
Microsoft will continue to investigate the public reports to help provide
additional guidance for customers.
Microsoft is aware of detailed exploit code that could allow an attacker to
execute arbitrary code in the security context of the logged on user when
visiting a Web site, which contains a specially crafted Windows Metafile
(WMF) image. An attacker would have no way to force users to visit a
malicious Web site. Instead, an attacker would have to persuade them to
visit the Web site, typically by getting them to click a link that takes
them to the attacker's Web site.
Customers are encouraged to keep their antivirus software up to date. The
Microsoft Windows AntiSpyware (Beta) can also help protect your system from
spyware and other potentially unwanted software. We will continue to
investigate these public reports.
Upon completion of this investigation, Microsoft will take the appropriate
action to help protect our customers. This will include providing a security
update through our monthly release process or providing an out-of-cycle
security update, depending on customer needs.
Microsoft encourages users to exercise caution when they open e-mail and
links in e-mail from untrusted sources. For more information about Safe
Browsing, visit the Trustworthy Computing Web site.
We continue to encourage customers to follow our Protect Your PC guidance of
enabling a firewall, applying software updates and installing antivirus
software. Customers can learn more about these steps at the Protect Your PC
Web site.
Customers who believe they may have been affected by this issue can contact
Product Support Services. You can contact Product Support Services in the
United States and Canada at no charge using the PC Safety line (1
866-PCSAFETY). Customers outside of the United States and Canada can locate
the number for no-charge virus support by visiting the Microsoft Help and
Support Web site.
Mitigating Factors:
· In a Web-based attack scenario, an attacker would have to host a
Web site that contains a Web page that is used to exploit this
vulnerability. An attacker would have no way to force users to visit a
malicious Web site. Instead, an attacker would have to persuade them to
visit the Web site, typically by getting them to click a link that takes
them to the attacker's Web site.
· An attacker who successfully exploited this vulnerability could
gain the same user rights as the local user. Users whose accounts are
configured to have fewer user rights on the system could be less impacted
than users who operate with administrative user rights.
· By default, Internet Explorer on Windows Server 2003, on Windows
Server 2003 Service Pack 1, on Windows Server 2003 with Service Pack 1 for
Itanium-based Systems, and on Windows Server 2003 x64 Edition runs in a
restricted mode that is known as Enhanced Security Configuration. This mode
mitigates this vulnerability where the e-mail vector is concerned although
clicking on a link would still put users at risk. In Windows Server 2003,
Microsoft Outlook Express uses plain text for reading and sending messages
by default. When replying to an e-mail message that is sent in another
format, the response is formatted in plain text. See the FAQ section of this
vulnerability for more information about Internet Explorer Enhanced Security
Configuration.
=====
--
Chris H.
Microsoft Windows MVP/Tablet PC
Tablet Creations - http://nicecreations.us/
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone

"Josh Einstein" <josheinstein@hotmail.com> wrote in message
news:u8AIybIEGHA.3000@TK2MSFTNGP14.phx.gbl...
> This is a typical response from Chris who only trusts MS's word as gospel.
> But rather than linking directly to the EXE you should link to the page
> where the user can download it. Direct EXE links are irresponsible to
> click as well. Especially considering that they are so easily spoofed.
>
> --
> Josh Einstein
> Tablet Enhancements for Outlook 2.0 - Try it free for 14 days
> www.tabletoutlook.com
>
> "Jim" <reply@groups.please> wrote in message
> news:kMwuf.37341$Lb1.8673@bignews3.bellsouth.net...
>> Chris,
>>
>> You are acting in an extremely irresponsible manner. This is one of
>> the largest exploits ever to hit the Windows platform (in number of
>> machines affected), and you are telling people to do nothing.
>>
>> The only thing more irresponsible than your post is Microsoft's
>> refusal to take immediate action for such an exploit.
>>
>> Jim
>>
>> "Chris H." <winxpnews@hotmail.com> wrote in message
>> news:um047fHEGHA.140@TK2MSFTNGP12.phx.gbl...
>>> Microsoft has not released a patch at this point. Please do not
>>> download or install a patch from any other source.
>>> --
>>> Chris H.
>>> Microsoft Windows MVP/Tablet PC
>>> Tablet Creations - http://nicecreations.us/
>>> Associate Expert
>>> Expert Zone - www.microsoft.com/windowsxp/expertzone
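An added defensive example, not code from this thread or from Microsoft: a small scanner that walks the records of a WMF file and flags the META_ESCAPE/SETABORTPROC record that the graphics rendering engine vulnerability in advisory 912840 hinged on (that the SETABORTPROC escape is the trigger is a fact from the later MS06-001 bulletin, not from the quoted advisory text). The helpers `wmf_records`, `find_abortproc_escapes`, `record` and `wmf` and the two sample files are my own constructions.

```python
import struct

# WMF format facts (not from the thread): a record is rdSize (uint32, in 16-bit words),
# rdFunction (uint16), then parameters. META_ESCAPE parameters start with an escape
# subfunction and a byte count; SETABORTPROC (9) is the escape behind advisory 912840.
PLACEABLE_MAGIC = 0x9AC6CDD7
META_EOF, META_SETMAPMODE, META_ESCAPE = 0x0000, 0x0103, 0x0626
SETABORTPROC = 0x0009

def wmf_records(data):
    """Yield (function, parameter bytes) per record; stop at the first malformed size."""
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC:
        off = 22                                  # skip the 22-byte placeable header
    if len(data) < off + 18:
        return                                    # no room for the standard header
    off += struct.unpack_from("<H", data, off + 2)[0] * 2   # mtHeaderSize, in words
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        size = size_words * 2
        if size < 6 or off + size > len(data):
            break                                 # zero, short or oversized record
        yield func, data[off + 6:off + size]
        off += size

def find_abortproc_escapes(data):
    """Return the declared byte count of each META_ESCAPE/SETABORTPROC record found."""
    hits = []
    for func, params in wmf_records(data):
        if func == META_ESCAPE and len(params) >= 4:
            sub, count = struct.unpack_from("<HH", params, 0)
            if sub == SETABORTPROC:
                hits.append(count)
    return hits

def record(func, params=b""):                     # test-data helper: one padded record
    params += b"\x00" * (len(params) % 2)
    return struct.pack("<IH", (6 + len(params)) // 2, func) + params

def wmf(*records):                                # test-data helper: 18-byte header + records
    body = b"".join(records)
    biggest = max(len(r) for r in records) // 2
    return struct.pack("<HHHIHIH", 1, 9, 0x300, (18 + len(body)) // 2, 0, biggest, 0) + body

# Constructed samples: a benign file, and one whose SETABORTPROC escape carries 16 filler bytes.
BENIGN = wmf(record(META_SETMAPMODE, struct.pack("<H", 8)),
             record(META_ESCAPE, struct.pack("<HH", 1, 0)), record(META_EOF))
SUSPECT = wmf(record(META_SETMAPMODE, struct.pack("<H", 8)),
              record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 16) + b"X" * 16),
              record(META_EOF))
```

A check like this is a triage aid for a mail gateway or proxy: it reports the record type rather than any particular payload, so a rare legitimate metafile that registers an abort procedure is flagged as well, and truncated or zero-length records stop the walk instead of looping.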