#1
NEW YORK (Dow Jones)--Microsoft Corp. (MSFT) plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer virus strain.

"Microsoft's delay is inexcusable," said Alan Paller, director of research at computer security group SANS Institute. "There's no excuse other than incompetence and negligence."

"It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team.

SANS Institute, via its Internet Storm Center, has taken the unusual step of releasing its own patch for the problem until a Microsoft-approved fix is available. "It's not something we like to do," said Paller.

The Internet Storm Center, which tracks viruses and other outbreaks on the Web, increased the threat level to "yellow" - a warning that means a significant new threat is developing.

Microsoft said evaluation and testing affect the timing of security patches. "Creating security updates that effectively fix vulnerabilities is an extensive process. There are many factors that impact the length of time between the discovery of a vulnerability and the release of a security update," Microsoft said in a security advisory on its Web site.

"Quality is the gating factor," said a Microsoft spokeswoman. The company views the issue as "serious," but believes that "the scope of the attacks is not widespread," she added.

The attack is the latest to hit Microsoft, despite redoubled efforts to respond to security threats. With more than 90% of personal computers running Windows, it represents the biggest target for hackers.

The virus began spreading last week, as hackers took advantage of a previously unknown flaw in Windows Meta File code in what is known as a "zero-day attack."

The small amount of code in the virus can call down other programs that could install spyware to steal personal data or turn a system into a "bot" (a computer controlled by hackers).

"The flaw is fairly significant in terms of its reach," said Alain Sergile, product manager at Internet Security Systems Inc.'s (ISSX) X-Force threat analysis service.

The bug was found in current server and desktop versions of Windows and is considered serious because it requires relatively minor user interaction to be unleashed. The virus is carried in picture files and can be triggered if an image is viewed in an email or on an infected Web site. It is also being distributed through Instant Messenger.

Johannes Ullrich, chief research officer at SANS Institute, said there are hundreds of Web sites that carry the infected images, and he's tracking the possibility that an online ad service is serving up infected image files. He says 5% to 10% of users appear to be infected, "an order of magnitude more than other attacks."

Google Inc.'s (GOOG) desktop search tool can also trigger the virus as it indexes files on a computer, even if the image hasn't been viewed by the user.

The virus takes advantage of the way Windows processes Windows Meta Files, or WMF, images. These file types can carry more common .jpg extensions, but still carry the malicious code.

Microsoft recommends users unregister a file called shimgvw.dll. "While this workaround will not correct the underlying vulnerability, it helps block known attack vectors," the software maker says in its security advisory.

Security experts are advising people to turn off preview panes in email programs like Outlook and be very careful about what web sites they visit and what emails they open.

-By Chris Reiter, Dow Jones Newswires; 201-938-5244; chris.reiter@dowjones.com
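The article notes that a WMF file can carry a .jpg extension and still be handled as a metafile. As an added example (not from the article or any poster in this thread), the Python code below identifies WMF content from its header instead of its name, so a gateway or file-share sweep can flag images whose extension and content disagree. The function names and the sample byte strings are constructed for illustration.

```python
import os
import struct
from functools import reduce
from operator import xor

PLACEABLE_KEY = 0x9AC6CDD7               # magic of the optional 22-byte placeable header
META_HEADER = struct.Struct("<HHHIHIH")  # 18-byte standard WMF header


def is_meta_header(buf):
    """Heuristic check for a standard WMF header at the start of buf."""
    if len(buf) < META_HEADER.size:
        return False
    ftype, hdr_words, version, size_words, _objs, max_rec, members = \
        META_HEADER.unpack_from(buf)
    return (ftype in (1, 2)                  # memory or disk metafile
            and hdr_words == 9               # header length in 16-bit words
            and version in (0x0100, 0x0300)
            and members == 0                 # unused field, always zero
            and size_words >= 12             # header plus at least the end record
            and 3 <= max_rec <= size_words)  # largest record fits in the file


def placeable_ok(buf):
    """True if buf starts with a placeable header whose XOR checksum matches."""
    if len(buf) < 22 or struct.unpack_from("<I", buf)[0] != PLACEABLE_KEY:
        return False
    words = struct.unpack_from("<11H", buf)
    return reduce(xor, words[:10]) == words[10]


def sniff(data):
    """Classify the leading bytes of a file by content, ignoring its name."""
    if placeable_ok(data) and is_meta_header(data[22:]):
        return "wmf-placeable"
    if is_meta_header(data):
        return "wmf"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith((b"GIF87a", b"GIF89a")):
        return "gif"
    if data.startswith(b"BM"):
        return "bmp"
    return "unknown"


def is_disguised_wmf(name, data):
    """True when the content is a metafile but the file is not named *.wmf."""
    ext = os.path.splitext(name)[1].lower()
    return sniff(data).startswith("wmf") and ext != ".wmf"


def scan_tree(root):
    """Yield paths under root whose content is WMF under another extension."""
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(files):
            path = os.path.join(dirpath, fn)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(64)   # both headers fit in the first 40 bytes
            except OSError:
                continue                 # unreadable file: skip, do not abort the sweep
            if is_disguised_wmf(fn, head):
                yield path


# Constructed samples: a minimal metafile (header plus end record), the same
# file behind a placeable header, and the first bytes of a JPEG.
SAMPLE_WMF = META_HEADER.pack(1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
_head = struct.pack("<IHhhhhHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0)
SAMPLE_PLACEABLE = (_head
                    + struct.pack("<H", reduce(xor, struct.unpack("<10H", _head)))
                    + SAMPLE_WMF)
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16

if __name__ == "__main__":
    for name, data in [("holiday.jpg", SAMPLE_WMF),
                       ("banner.gif", SAMPLE_PLACEABLE),
                       ("chart.wmf", SAMPLE_WMF),
                       ("photo.jpg", SAMPLE_JPEG)]:
        verdict = "MISMATCH" if is_disguised_wmf(name, data) else "ok"
        print(f"{name:12} content={sniff(data):14} {verdict}")
```

A match only means the file is a metafile under another name; it does not decide whether the file is malicious.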
#2
I used regsvr32 to disable the dll until ms comes out with a fix.
#3
Microsoft Statement Concerning Windows Meta File Vulnerability
http://www.microsoft.com/presspass/p...FUpdatePR.mspx

Improve the safety of your browsing and e-mail activities
http://www.microsoft.com/athome/secu...ng_safety.mspx

Microsoft Security Advisory (912840)
http://www.microsoft.com/technet/sec...ry/912840.mspx

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:C4E2B543-C7A3-4240-A8E6-5E61E614C405@microsoft.com,
dblues <dblues@discussions.microsoft.com> hunted and pecked:
<snip>
#4
Depends, most AV providers have some level of protection. For those
that want an immediate "Fix", there is the .Msi based patch posted by
SANS/ISC and supposedly tested/verified.

http://handlers.sans.org/tliston/WMFHotfix-1.1.14.msi

It's a judgment call. The "Official" patch will appear on Microsoft's
normal patch Tuesday (January 10th). Users can either Unregister the
module or use the .Msi posted above.
#5
Here is a temporary fix.

http://www.grc.com/sn/notes-020.htm

Good luck.

Woody
#6
Which is worse, a hurry-up-untested-fix or the exploit?

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:%233fvvhOEGHA.1312@TK2MSFTNGP09.phx.gbl,
woody <woody@woohoo.ca> hunted and pecked:
> Here is a temporary fix.
>
> http://www.grc.com/sn/notes-020.htm
>
> Good luck.
>
> Woody
#7
The exploit of course. The fix is supplied from a very trustworthy source.
I'll take my chances.

Woody

"Wesley Vogel" <123WVogel955@comcast.net> wrote in message
news:OBY33lOEGHA.1508@TK2MSFTNGP15.phx.gbl...
> Which is worse, a hurry-up-untested-fix or the exploit?
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:%233fvvhOEGHA.1312@TK2MSFTNGP09.phx.gbl,
> woody <woody@woohoo.ca> hunted and pecked:
>> Here is a temporary fix.
>>
>> http://www.grc.com/sn/notes-020.htm
>>
>> Good luck.
>>
>> Woody
#8
"woody" <woody@woohoo.ca> wrote:
|>Here is a temporary fix.
|>
|>http://www.grc.com/sn/notes-020.htm
|>
|>Good luck.

I just ran the test, looks like XP SP2's Data Execution Prevention
(DEP) blocks the exploit.
http://www.microsoft.com/technet/pro.../sp2mempr.mspx
shorter link http://tinyurl.com/4o6bb

|>Woody

--
http://blueballfixed.ytmnd.com/
#9
According to Microsoft's WMF security advisory, only HARDWARE DEP works.

Tom "Trax" <Pennywise@DerryMaine.Gov> wrote in message news:96qmr191tjmlo1ugr0rlvrf86t69af1m5j@4ax.com...
| "woody" <woody@woohoo.ca> wrote:
|
||>Here is a temporary fix.
||>
||>http://www.grc.com/sn/notes-020.htm
||>
||>Good luck.
|
| I just ran the test, looks like XP SP2's Data Execution Prevention (DEP) blocks the exploit.
| http://www.microsoft.com/technet/pro.../sp2mempr.mspx
| shorter link http://tinyurl.com/4o6bb
|
||>Woody
||>
||>"dblues" <dblues@discussions.microsoft.com> wrote in message
||>news:C4E2B543-C7A3-4240-A8E6-5E61E614C405@microsoft.com...
||>> NEW YORK (Dow Jones)--Microsoft Corp. (MSFT) plans to release a patch for a new security flaw at its next scheduled update release on Jan. 10, leaving users largely unprotected until then from a rapidly spreading computer virus strain.
||>>
||>> "Microsoft's delay is inexcusable," said Alan Paller, director of research at computer security group SANS Institute. "There's no excuse other than incompetence and negligence."
||>>
||>> "It's a problem that there's no known solution from Microsoft," said Alfred Huger, senior director of engineering at Symantec Corp.'s (SYMC) security response team.
||>>
||>> SANS Institute, via its Internet Storm Center, has taken the unusual step of releasing its own patch for the problem until a Microsoft-approved fix is available. "It's not something we like to do," said Paller.
||>>
||>> The Internet Storm Center, which tracks viruses and other outbreaks on the Web, increased the threat level to "yellow" - a warning that means a significant new threat is developing.
||>>
||>> Microsoft said evaluation and testing affect the timing of security patches. "Creating security updates that effectively fix vulnerabilities is an extensive process. There are many factors that impact the length of time between the discovery of a vulnerability and the release of a security update," Microsoft said in a security advisory on its Web site.
||>>
||>> "Quality is the gating factor," said a Microsoft spokeswoman. The company views the issue as "serious," but believes that "the scope of the attacks is not widespread," she added.
||>>
||>> The attack is the latest to hit Microsoft, despite redoubled efforts to respond to security threats. With more than 90% of personal computers running Windows, it represents the biggest target for hackers.
||>>
||>> The virus began spreading last week, as hackers took advantage of a previously unknown flaw in Windows Meta File code in what is known as a "zero-day attack."
||>>
||>> The small amount of code in the virus can call down other programs that could install spyware to steal personal data or turn a system into a "bot" (a computer controlled by hackers).
||>>
||>> "The flaw is fairly significant in terms of its reach," said Alain Sergile, product manager at Internet Security Systems Inc.'s (ISSX) X-Force threat analysis service.
||>>
||>> The bug was found in current server and desktop versions of Windows and is considered serious because it requires relatively minor user interaction to be unleashed. The virus is carried in picture files and can be triggered if an image is viewed in an email or on an infected Web site. It is also being distributed through Instant Messenger.
||>>
||>> Johannes Ullrich, chief research officer at SANS Institute, said there are hundreds of Web sites that carry the infected images, and he's tracking the possibility that an online ad service is serving up infected image files. He says 5% to 10% of users appear to be infected, "an order of magnitude more than other attacks."
||>>
||>> Google Inc.'s (GOOG) desktop search tool can also trigger the virus as it indexes files on a computer, even if the image hasn't been viewed by the user.
||>>
||>> The virus takes advantage of the way Windows processes Windows Meta Files, or WMF, images. These file types can carry more common .jpg extensions, but still carry the malicious code.
||>>
||>> Microsoft recommends users unregister a file called shimgvw.dll. "While this workaround will not correct the underlying vulnerability, it helps block known attack vectors," the software maker says in its security advisory.
||>>
||>> Security experts are advising people to turn off preview panes in email programs like Outlook and be very careful about what web sites they visit and what emails they open.
||>>
||>> -By Chris Reiter, Dow Jones Newswires; 201-938-5244; chris.reiter@dowjones.com
||>>
||>
|
|
| --
| http://blueballfixed.ytmnd.com/
#10
woody wrote:
> The exploit of course.

I wonder. There's a great deal of noise, but I've yet to encounter anyone who's been "exploited." (Which isn't to say that people shouldn't take precautions, of course.)

> The fix is supplied from a very trustworthy source.

But the link you provided was to a site unauthorized to provide patches for Microsoft products. That most definitely is *not* a trustworthy site.

> I'll take my chances.
>

Good luck with that. I'll wait for the real thing, I think.

--
Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having both at once. - RAH
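The article quoted throughout this thread notes that WMF content can sit behind a more common .jpg extension. The following is an added example, not code from the thread, the article or Microsoft's advisory: it classifies files by their header bytes instead of their name, and generalises from .jpg to any extension other than .wmf. The function names `sniff_wmf` and `disguised_wmf` are hypothetical, and the sample files are constructed, benign byte strings.

```python
import struct
import sys
from pathlib import Path

PLACEABLE_KEY = 0x9AC6CDD7                 # magic of the optional 22-byte placeable header
META_HEADER = struct.Struct("<HHHIHIH")    # Type, HeaderSize, Version, Size, NumObjects, MaxRecord, NumMembers

def sniff_wmf(data: bytes):
    """Classify content as 'placeable' or 'standard' WMF, or None; the file name is ignored."""
    kind, off = "standard", 0
    if len(data) >= 22 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        kind, off = "placeable", 22        # standard header follows; checksum deliberately not enforced
    if len(data) < off + META_HEADER.size:
        return None
    mtype, header_words, version, *_ = META_HEADER.unpack_from(data, off)
    # Type 1 = memory, 2 = disk; the header is always 9 words; version is 1.0 or 3.0
    if mtype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300):
        return kind
    return None

def disguised_wmf(files):
    """files maps name -> bytes; return (name, kind) for WMF content behind a non-.wmf extension."""
    hits = []
    for name, data in files.items():
        kind = sniff_wmf(data)
        if kind and Path(name).suffix.lower() != ".wmf":
            hits.append((name, kind))
    return hits

# Constructed, benign samples: an empty metafile is a header plus one META_EOF record.
_EMPTY = META_HEADER.pack(1, 9, 0x0300, 12, 0, 3, 0) + struct.pack("<IH", 3, 0)
# Placeable header: key, handle, bounding box, units per inch, reserved, XOR checksum of the first 10 words
_PLACEABLE = struct.pack("<IH4hHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0x52B1)
SAMPLES = {
    "holiday.jpg": _EMPTY,                                          # WMF content, .jpg name
    "banner.gif": _PLACEABLE + _EMPTY,                              # placeable WMF, .gif name
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(16),   # real JPEG signature
    "chart.wmf": _EMPTY,                                            # honest extension, not reported
    "stub.jpg": b"\x01\x00",                                        # too short to judge
}

if __name__ == "__main__":
    paths = [Path(p) for p in sys.argv[1:]]
    files = {str(p): p.read_bytes()[:64] for p in paths} if paths else SAMPLES
    for name, kind in disguised_wmf(files):
        print(f"{name}: {kind} WMF content behind a non-.wmf extension")
```

Run with file paths as arguments to check real files, or with no arguments to check the constructed samples. The header test is a heuristic on six bytes, so a hit means "inspect or quarantine this file", not proof of malicious content.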