ATTENTION: VERY SERIOUS COMPUTER HACK ISSUE


Post by Which_way_is_up »

ATTENTION: VERY SERIOUS COMPUTER HACK ISSUE
Within the last few days a new and very serious vulnerability of Microsoft's Windows operating systems has surfaced. This one is being referred to as the "WMF (Windows Meta File) vulnerability". This problem has the potential for being worse than all the combined virus, worm and Trojan attacks of the past combined. The reason: what the hackers have found is a way to enclose any of the existing viruses, worms or Trojans and package them into a modified meta file for delivery any number of ways. You could receive this from simply going to a web site with any browser (no browser is safe no matter what settings you have), by receiving an email with a meta file included in the text of the message or as an attachment file, or by using any one of the many instant messenger programs out there.

Why is this so devastating and what is a "Windows meta file"? A WMA file is a vector graphics file format that has been a standard of Microsoft's Windows operating systems since Microsoft came out with version 3.1 of Windows. A common form of a WMA file is a simple black and white line art graph or drawing. Most of you are familiar with the common "clip-art" packages that were so popular in the early days of desktop publishing and web site design. Most of those are simply WMA files. Hackers have found a vulnerability in the way Windows handles an error in a corrupted WMA file and are exploiting it to carry and run malicious programs.

What makes matters worse is that the Windows operating system looks at the content of the file and not just its name to determine if it is a WMA file, and so a malicious file can be renamed anything and still work as the carrier of the infection.

Enough tech talk, what the heck can you do until Microsoft comes out with a patch to the operating system? Here is a patch that works on any version of Windows XP, that is the Home or Pro edition. Download this utility and run it. It will turn off your computer's recognition of WMA files and you should be safe until Microsoft comes out with an official patch or update for XP.


XP Patch utility: http://www.GRC.com/miscfiles/wmffix_hexblog14.exe

Currently this patch is only good for Windows XP (Home and Pro) and Windows 2000. Not Windows 95, 98 or ME! Unfortunately those of you using Windows 95, 98, ME, etc. are exposed until Microsoft officially addresses this with a patch or update to those versions of Windows.


If you don't trust this patch and/or want more information concerning this very serious problem go and "google" WMA vulnerability for more information.

You've been warned!
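
The point made in the post above, that Windows recognises a metafile by its content rather than its name, shown as an added example that is not part of the original thread: a Python scanner that flags files whose first bytes parse as a WMF header but whose extension is not `.wmf`. The function names and sample files are constructed for illustration; the check assumes the standard 18-byte metafile header, optionally preceded by the 22-byte placeable header.

```python
import struct
import tempfile
from pathlib import Path

PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"       # 0x9AC6CDD7 stored little-endian
META_HEADER = struct.Struct("<HHHIHIH")   # 18-byte standard metafile header

def looks_like_wmf(data: bytes) -> bool:
    """True if data begins with a plausible WMF header, whatever the file is called."""
    offset = 22 if data[:4] == PLACEABLE_KEY else 0   # optional 22-byte placeable header
    if len(data) < offset + META_HEADER.size:
        return False
    ftype, header_words, version, *_ = META_HEADER.unpack_from(data, offset)
    # Type 1 (memory) or 2 (disk), header length of 9 words, version 0x0100 or 0x0300
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def find_disguised_wmf(root: Path) -> list[str]:
    """Names of files under root with WMF content but an extension other than .wmf."""
    hits = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() != ".wmf":
            with path.open("rb") as fh:
                if looks_like_wmf(fh.read(40)):
                    hits.append(path.name)
    return hits

def build_sample_wmf(placeable: bool = False) -> bytes:
    """Constructed, harmless metafile: a header followed by the end-of-file record."""
    eof_record = struct.pack("<IH", 3, 0x0000)
    body = META_HEADER.pack(1, 9, 0x0300, 12, 0, 3, 0) + eof_record
    return (PLACEABLE_KEY + bytes(18) + body) if placeable else body

def demo() -> list[str]:
    """Write constructed sample files to a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "clipart.wmf").write_bytes(build_sample_wmf())            # honest name
        (root / "holiday.jpg").write_bytes(build_sample_wmf())            # WMF named .jpg
        (root / "notes.txt").write_bytes(build_sample_wmf(placeable=True))
        (root / "real.jpg").write_bytes(b"\xff\xd8\xff\xe0" + bytes(36))  # JPEG magic
        return find_disguised_wmf(root)

if __name__ == "__main__":
    print(demo())
```

A mail gateway or download filter that decides by extension alone would pass `holiday.jpg` and `notes.txt`; a check on the header bytes catches both.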

Post by thojo »

Microsoft will be releasing a patch on Tuesday, Jan. 10th to plug this vulnerability.

Post by Which_way_is_up »

That's the word anyway. Of course, how many people have ever downloaded a single update for their operating system? Of all my friends that have XP, not a one of them, when asked, knew if their automatic update function was turned on, and several of them didn't even know what I was talking about. [:(]

Post by Which_way_is_up »

LATEST UPDATE

Microsoft To Rush Out WMF Patch Today

Attacked for moving too slowly to patch the current Windows Metafile vulnerability, Microsoft will make a security update available five days ahead of schedule.

By Larry Greenemeier, InformationWeek
Jan. 5, 2006
URL: http://www.informationweek.com/story/sh ... =175801652

Beset by criticism for moving too slowly in its efforts to patch the current Windows Metafile, or WMF, vulnerability, Microsoft now says it will make its MS06-001 WMF security update available after 2 p.m. PST on Thursday, five days ahead of schedule.

The company issued an E-mail Thursday afternoon stating that business customers using Windows Server Update Services will receive the update automatically. Consumers who use Automatic Updates will receive the update automatically and do not need to take any additional actions.

In addition, the update is supported by Microsoft Baseline Security Analyzer 2.0, Systems Management Server, and Software Update Services. Business customers also can manually download the update from Microsoft's Download Center.

Prior to Thursday, Microsoft had said it would not issue an emergency patch for the WMF vulnerability because the vulnerability's infection rates had stabilized and the risk of infection was generally seen as low to moderate, says Debby Fry Wilson, a director in Microsoft's security response unit. Although the WMF vulnerability was discovered on December 27, Microsoft said it needed time to properly test its patch.

A pre-release version of the WMF vulnerability patch code had been leaked to a security community site on Wednesday, but Microsoft warned users against using it. Steve Gibson, president of Gibson Research, said in an E-mailed interview that he had downloaded the pre-release patch and tested it. "The updated GDI32.DLL file contained in this patch was built in the evening of December 28th, last Wednesday. It is clear that Microsoft jumped on this problem—and had it resolved—almost immediately."

Microsoft will still release security updates on January 10 as part of its regularly scheduled release of security updates.

The availability of a highly endorsed, but unauthorized, piece of workaround code written by Russian programmer Ilfak Guilfanov, coupled with the number of WMF exploits already discovered, has created waves in Microsoft's normal Patch Tuesday schedule. Experts have been divided over whether it's wise to use Guilfanov's Hexblog code to protect against the WMF vulnerability, which was discovered on December 27. Guilfanov, senior developer with Belgian software maker DataRescue, is best known for writing IDA Pro software used by security specialists to dissect viruses and malware.

Third-party patches or workaround code are not unheard of for Microsoft vulnerabilities, but "this is the first time I can recall where there has been community endorsement of a third-party patch," Fry says of Guilfanov's work. "That is unusual."