What is everyone doing about this security flaw til 1/10/06

#11 01-05-2006, 11:13 PM

Try this one.

Microsoft Security Bulletin MS06-001
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
(912919)
http://www.microsoft.com/technet/sec.../ms06-001.mspx

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:%23AcrWKPEGHA.3728@tk2msftngp13.phx.gbl,
woody <woody@woohoo.ca> hunted and pecked:
> The exploit of course. The fix is supplied from a very trustworthy
> source. I'll take my chances.
>
> Woody
>
> "Wesley Vogel" <123WVogel955@comcast.net> wrote in message
> news:OBY33lOEGHA.1508@TK2MSFTNGP15.phx.gbl...
>> Which is worse, a hurry-up-untested-fix or the exploit?
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:%233fvvhOEGHA.1312@TK2MSFTNGP09.phx.gbl,
>> woody <woody@woohoo.ca> hunted and pecked:
>>> Here is a temporary fix.
>>>
>>> http://www.grc.com/sn/notes-020.htm
>>>
>>> Good luck.
>>>
>>> Woody
>>>
>>> "dblues" <dblues@discussions.microsoft.com> wrote in message
>>> news:C4E2B543-C7A3-4240-A8E6-5E61E614C405@microsoft.com...
>>>> NEW YORK (Dow Jones)--Microsoft Corp. (MSFT) plans to release a patch
>>>> for
>>>> a
>>>> new security flaw at its next scheduled update release on Jan. 10,
>>>> leaving users largely unprotected until then from a rapidly spreading
>>>> computer virus
>>>> strain.
>>>>
>>>> "Microsoft's delay is inexcusable," said Alan Paller, director of
>>>> research at computer security group SANS Institute. "There's no excuse
>>>> other than incompetence and negligence."
>>>>
>>>> "It's a problem that there's no known solution from Microsoft," said
>>>> Alfred
>>>> Huger, senior director of engineering at Symantec Corp.'s (SYMC)
>>>> security
>>>> response team.
>>>>
>>>> SANS Institute, via its Internet Storm Center, has taken the unusual
>>>> step
>>>> of
>>>> releasing its own patch for the problem until a Microsoft-approved fix
>>>> is
>>>> available. "It's not something we like to do," said Paller.
>>>>
>>>> The Internet Storm Center, which tracks viruses and other outbreaks on
>>>> the Web, increased the threat level to "yellow" - a warning that means
>>>> a significant new threat is developing.
>>>>
>>>> Microsoft said evaluation and testing affect the timing of security
>>>> patches.
>>>> "Creating security updates that effectively fix vulnerabilities is an
>>>> extensive process. There are many factors that impact the length of
>>>> time between the discovery of a vulnerability and the release of a
>>>> security update," Microsoft said in a security advisory on its Web
>>>> site.
>>>>
>>>> "Quality is the gating factor," said a Microsoft spokeswoman. The
>>>> company
>>>> views the issue as "serious," but believes that "the scope of the
>>>> attacks
>>>> is
>>>> not widespread," she added.
>>>>
>>>> The attack is the latest to hit Microsoft, despite redoubled efforts to
>>>> respond to security threats. With more than 90% of personal computers
>>>> running
>>>> Windows, it represents the biggest target for hackers.
>>>>
>>>> The virus began spreading last week, as hackers took advantage of a
>>>> previously unknown flaw in Windows Meta File code in what is known as a
>>>> "zero-day attack."
>>>>
>>>> The small amount of code in the virus can call down other programs that
>>>> could install spyware to steal personal data or turn a system into a
>>>> "bot" (a
>>>> computer controlled by hackers).
>>>>
>>>> "The flaw is fairly significant in terms of its reach," said Alain
>>>> Sergile,
>>>> product manager at Internet Security Systems Inc.'s (ISSX) X-Force
>>>> threat
>>>> analysis service.
>>>>
>>>> The bug was found in current server and desktop versions of Windows and
>>>> is considered serious because it requires relatively minor user
>>>> interaction to
>>>> be unleashed. The virus is carried in picture files and can be
>>>> triggered if
>>>> an image is viewed in an email or on an infected Web site. It is also
>>>> being
>>>> distributed through Instant Messenger.
>>>>
>>>> Johannes Ullrich, chief research officer at SANS Institute, said there
>>>> are hundreds of Web sites that carry the infected images, and he's
>>>> tracking the
>>>> possibility that an online ad service is serving up infected image
>>>> files.
>>>> He
>>>> says 5% to 10% of users appear to be infected, "an order of magnitude
>>>> more than other attacks."
>>>>
>>>> Google Inc.'s (GOOG) desktop search tool can also trigger the virus as
>>>> it
>>>> indexes files on a computer, even if the image hasn't been viewed by
>>>> the user.
>>>>
>>>> The virus takes advantage of the way Windows processes Windows Meta
>>>> Files, or WMF, images. These file types can carry more common .jpg
>>>> extensions, but
>>>> still carry the malicious code.
>>>>
>>>> Microsoft recommends users unregister a file called shimgvw.dll. "While
>>>> this
>>>> workaround will not correct the underlying vulnerability, it helps
>>>> block known attack vectors," the software maker says in its security
>>>> advisory.
>>>>
>>>> Security experts are advising people to turn off preview panes in email
>>>> programs like Outlook and be very careful about what web sites they
>>>> visit
>>>> and
>>>> what emails they open.
>>>>
>>>> -By Chris Reiter, Dow Jones Newswires; 201-938-5244;
>>>> chris.reiter@dowjones.com