Thread: WMF Exploit!!! Install this patch now!
View Single Post
  #25  
Old 01-05-2006, 02:12 AM
Kerry Brown
 
Posts: n/a
Default Re: WMF Exploit!!! Install this patch now!
Rashputin wrote:
> "Kerry Brown" <kerry@kdbNOSPAMsys-tems.c*a*m> wrote in message
> news:eqpjUcIEGHA.1088@tk2msftngp13.phx.gbl...
>> Chris H. wrote:
>>> Incorrect, Jim. Users should wait for the official patch, and not
>>> risk (1) going to some web site not connected with Microsoft, and
>>> (2) not installing some "patch" or other software on their machine
>>> from an unknown source.
>>> As noted in the security bulletin issued, there are specific
>>> instances where this violation of a computer can take place, and
>>> they include being lured to a web site.
>>>
>>> Protection of the computer will come with intelligent computer
>>> usage, including not visiting an unknown site for a "fix" not coming
>>> directly from Microsoft.
>>>
>>
>> If you believe the security bulletin you are have obviously not seen
>> this exploit in action. Build a test machine, fully update Windows,
>> install your antivirus and antispyware apps of choice and go to one
>> of the many known sites that use this exploit. The machine will be
>> infected, no if, ands, or buts. The people using the exploit are
>> changing it often enough that the antivirus/spyware/malware apps
>> can't keep up. I have tried it. have you? It was scary. I
>> immediately ran the unofficial patch on my own machines. By the way
>> many sites you think may be safe are not, knoppix-std dot org is one
>> site that was known to be hacked and was distributing malware via
>> this exploit. To most this would certainly seem to be a safe site.
>> Many on these newsgroups regularly recommend using knoppix. Kerry
>>
>>
>>
>>
>>> "Jim" <reply@groups.please> wrote in message
>>> news:kMwuf.37341$Lb1.8673@bignews3.bellsouth.net.. .
>>>> Chris,
>>>>
>>>> You are acting in an extremely irresponsible manner. This is
>>>> one of the largest exploits ever to hit the Windows platform (in
>>>> number of machines affected), and you are telling people to do
>>>> nothing. The only thing more irresponsible than your post is
>>>> Microsoft's
>>>> refusal to take immediate action for such an exploit.
>>>>
>>>> Jim
>>>>
>>>> "Chris H." <winxpnews@hotmail.com> wrote in message
>>>> news:um047fHEGHA.140@TK2MSFTNGP12.phx.gbl...
>>>>> Microsoft has not released a patch at this point. Please do not
>>>>> download or install a patch from any other source.
>>>>> --
>>>>> Chris H.
>>>>> Microsoft Windows MVP/Tablet PC
>>>>> Tablet Creations - http://nicecreations.us/
>>>>> Associate Expert
>>>>> Expert Zone - www.microsoft.com/windowsxp/expertzone
>>
>>
>>
>
>
>
> Does deleting the .wmf file association solve the problem or am I
> misunderstanding it?
>
> tia,
>
> Regards

It doesn't solve the problem. The file can be named with any valid graphics
extension e.g. jpg. Windows will try to open the file, realise it's a wmf
file not a jpg and open it appropriately. You would have to disable all
graphics associations recognised by Windows. Unregistering the Windows
Picture and Fax viewer will help but the problem is deeper than that file
alone.

Kerry


Reply With Quote