Earlier we warned you about a serious security flaw, so-called "WMF flow." Several days later nearly one hundred different instances of exploitation of this newly discovered vulnerability had been found. "Desktop users that suffered the effects of the IMF exploit describe it as a devastating experience to find their desktop computers completely taken over by an attacker. When it hit, the screen suddenly said, Congratulations, youre infected! said Brad Dinerman, vice president of information technology at MIS Alliance, a professional services outsourcing firm in Newton, Mass. It was clear that the computer running XP was no longer in his control. It had root access, it wouldnt let me log off or do anything, Dinerman said. He said he ended up having to re-build the machine from scratch. He noted that his machine had been up-to-date in terms of software patches, anti-virus and anti-spyware software. " "...exploit has so many variants that anti-virus firms are having a difficult time keeping up with the exploits changes in attack code." http://www.networkingsmallbusiness.com/news/2006/010306-sans-microsoft-patch.html "It enables clueless newcomers to easily craft highly variable and hard-to-detect variations of image files. Images that take over computers when viewed. And do this on all common Windows platforms. Meaning that there are hundreds of millions of vulnerable computers in the net right now." http://www.f-secure.com/weblog/archives/archive-012006.html Current news on the situation, by BlogAutoPublisher support expert: 1. An official WMF Vulnerability update from Microsoft is now available. See more info and patches for various flavors of Windows at: http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx Or just go to http://update.microsoft.com/ to pick up the right update automatically. The patch requires that the PC be rebooted. 2. Microsoft is not fixing Windows 98/ME. Microsoft has now "reclassified" the WMF vulnerability in Windows 95, 98, and ME as non-critical (instead of just fixing it!). This means that it will probably NOT be updated and patched to eliminate the WMF handling vulnerability that those older versions of Windows apparently still have. "Per the support life cycle of these versions, only vulnerabilities of critical severity would receive security updates," the company said. We urge you to upgrade, if possible, to WinXP which is much more secure and stable Windows version. 3. After applying the Microsoft's patch, go to Start > Run, paste there the following line: regsvr32 shimgvw.dll and press OK. You should see the following message: "DllRegisterServer in shimgvw.dll succeeded." All your Windows "picture viewing" capabilities are back to normal now. Wishing you productive and secure 2006, BlogAutoPublisher Team. Copyright 2006 Olga Farber Becker |
