198 Views | posted on Sunday, January 08, 2006
WINDOWS WMF VULNERABILITY NEWS & UPDATES, by Steve Gibson, grc.com, January 2, 2005
Quick Background:
- The active exploitation of a very serious vulnerability in all versions of Windows was discovered in late December.
- Word of this spread rapidly through the hacker community, many of whom were presumably on holiday vacation from school, bored, and looking for something to do.
- So several days later nearly one hundred different instances of exploitation of this newly discovered vulnerability had been found.
- Note that this is not a "new vulnerability" — it (and perhaps other similar bugs) have been lying unknown in Windows since 1991. What's "new" is the discovery of this long-present vulnerability in Windows' metafile processing.
- Almost immediately there were reports of an MSN Messenger worm, and now F-Secure is reporting that "Happy New Year" SPAM eMail is carrying an exploit.
- Anti-Virus vendors quickly updated and began pushing out their A-V signature files. These have been effective, but a new very flexible exploit generation tool has appeared that's able to create so many different variations of the exploit that A-V signatures are having trouble keeping up.
- Microsoft responded with an acknowledgement of the problem <http://www.microsoft.com/technet/security/advisory/912840.mspx> which included a very weak workaround (the shimgvw.dll unregistration) that provides very little protection. This is not a cure, and it is not known how long the Windows user community will now be waiting for a true patch from Microsoft.
- Ilfak Guilfanov (see GREEN box on website) produced a highly-effective true patch which successfully suppresses all known exploitable vulnerabilities for anyone using Windows 2000, XP, server 2003, or 64-bit XP. No patch is available for Windows 95, 98, ME or NT, and none is expected to be forthcoming. But anyone using Windows 2000, XP, server 2003, or 64-bit XP should IMMEDIATELY install Ilfak's exploit suppressor into all of their systems.
For more information, including patch: http://www.grc.com/sn/notes-020.htm
OTHER UPDATES
A special (short) edition of "Security Now!" -- On Sunday, January 1st, I phoned into Leo Laporte's KFI "Tech Guy" radio program to inform him and his radio audience of the availability of Ilfak's new patch and real solution. Leo produced a special edition of our weekly "Security Now!" audio podcast. Since this was by telephone the audio quality is not great, but the high-quality and lower-quality MP3 audio files are available here:
Higher-quality (larger) KFI Radio program update (64 kbps, MP3, 5.4 MB) http://media.grc.com/sn/SN-020SE.mp3
Lower-quality (smaller) KFI Radio program update (16 kbps, MP3, 1.4 MB) http://media.grc.com/sn/SN-020SE-lq.mp3
Ilfak has produced a WMF Vulnerability Checker -- Many users want to verify that their "exploit suppressed" systems are now safe to use. Others want to see whether their anti-virus (A-V) systems are now detecting some WMF exploit code. So Ilfak has produced a simple WMF Vulnerability tester:
Download Ilfak's WMF Vulnerability Checker (3.6 kb) http://www.hexblog.com/security/files/wmf_checker_hexblog.exe
You can read more about his checker, and users' experiences, on his Vulnerability Checker blog page:
http://www.hexblog.com/2006/01/wmf_vulnerability_checker.html
An important Note about A-V signatures: As useful as anti-virus protection is as a first line of defense, new WMF exploits are succeeding at bypassing them. So A-V cannot be relied upon. The only safe measure is to install Ilfak's vulnerability suppression solution until Microsoft has updated the GDI32.DLL file and permanently resolved this problem.
Windows 98/SE/ME users: Microsoft's original advice to "unregister the shimgvw.dll" (shell image viewer) was never correct or useful on those platforms. The good news is that all current WMF exploits appear to be non-functional on the older Win9x vintage platforms, so you will likely be okay until Microsoft has updated your system with the next security patches. There is no short-term workaround for Windows 9x users.
Other new links: See the bottom of the RED box below for many "original discovery" links.
SANS "Handler's Diary" update for January 1st, 2006: http://isc.sans.org/diary.php?rss&storyid=996
F-Secure's ongoing coverage and updates: http://www.f-secure.com/weblog/archives/archive-012006.html
Get generic WMF Vulnerability news -- from GoogleNews: http://news.google.com/news?q=WMF+vulnerability
For more information, including patch: http://www.grc.com/sn/notes-020.htm
------------
PREVIOUS NHNE NEWS LIST ARTICLE:
WINDOWS PCS FACE 'HUGE' VIRUS THREAT (1/2/2006): http://groups.yahoo.com/group/nhnenews/message/10599
..........
FOR FURTHER INFORMATION:
MICROSOFT SECURITY WEB PAGE: http://www.microsoft.com/security/default.mspx
MCAFEE VIRUS INFORMATION LIBRARY: http://vil.nai.com/vil/default.asp
SYMANTEC: http://www.symantec.com/index.htm
F-SECURE: http://www.f-secure.com/
SOPHOS: http://www.sophos.com/
TREND MICRO: http://www.trendmicro.com/vinfo/
UNIVERSITY OF MARYLAND OIT VIRUS NOTIFICATION PROGRAM (VNP): http://www.helpdesk.umd.edu/virus/
CERT VIRUS RESOURCES: http://www.cert.org/other_sources/viruses.html
...........
MCAFEE VIRUS HOAXES: http://vil.mcafee.com/hoax.asp
SYMANTEC VIRUS HOAXES: http://www.symantec.com/avcenter/hoax.html
TREND MICRO SCAMS AND HOAXES: http://www.trendmicro.com/vinfo/hoaxes/default.asp
HOAXBUSTERS: http://hoaxbusters.ciac.org/
SNOPES (Urban Legends): http://www.snopes.com/
In accordance with Title 17 U.S.C. Section 107, this material is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. Unless the information in question has been written and/or published by NHNE, NHNE has no affiliation whatsoever with the originator of this article. NHNE is, therefore, not endorsed or sponsored by the originator, nor does NHNE necessarily endorse, promote, or agree with the content. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.