Calgarypuck Forums - The Unofficial Calgary Flames Fan Community

Old 01-03-2006, 10:02 PM   #1
I-Hate-Hulse
Franchise Player
 
Join Date: Jul 2003
Location: Sector 7-G
Major Windows Vulnerability - Warning

There's trouble brewing out there in Bill's Kingdom tonight.... a vulnerability in all Windows computers has been widely exposed, potentially spawning a virus that spreads passively via images, doing untold damage....
According to a report Tuesday in the Financial Times, the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files. The threat was discovered last week. But it mushroomed over the weekend, when a group of hackers published the source code they used to exploit the flaw.


What makes this threat particularly vicious, according to the Times, is that unwitting victims can infect their computers simply by viewing a web page, e-mail, or instant message that includes a contaminated image. That differs from most virus attacks, which require a user to actually download an infected file.


http://news.ft.com/cms/s/0d644d5e-7b...0779e2340.html


There is a patch out that claims to fix it. Problem is that it doesn't come from Microsoft itself and most corporate admins wouldn't install something that didn't come from Redmond themselves.


For Joe home user, you might want to take extra precautions in following links received in e-mails or surfing "risky" sites (cough...pr0n).


Disabling message preview in your e-mail client might help. I do believe not logging into your PC with an Admin account would help too... but since no seriously malicious virus has used this exploit, it's tough to say what exactly will stop what.


I give this exploit 2-3 weeks before some misfit 14 yr old gets mad at the world and turns something loose.


For more info, do a Google search on "WMF Virus". Tons of media on this. I found this Slashdot article to be quite good:


http://it.slashdot.org/article.pl?si...id=201&tid=218


I have no idea as to the accuracy of this guy's comments but they certainly did help me understand some of the genesis of this flaw and just how hard it is to fix...


http://it.slashdot.org/comments.pl?s...6&cid=14378616
Old 01-03-2006, 10:22 PM   #2
Winsor_Pilates
Franchise Player
 
Join Date: Mar 2005
Location: Van City - Main St.

I love my new ibook more and more every day
Old 01-03-2006, 10:38 PM   #3
arsenal
Director of the HFBI
 
Join Date: Sep 2004
Location: Calgary

And you go directly to the site to download the patch:
http://isc.sans.org/
Old 01-03-2006, 10:43 PM   #4
Barnes
Franchise Player
 
Join Date: Aug 2005
Location: Violating Copyrights

Amen Winsor.

For those of you who can't wait for the Redmond fix, here's a workaround. http://www.apple.com/store
Old 01-03-2006, 11:07 PM   #5
KevanGuy
Franchise Player
 
Join Date: Sep 2002
Location: Estonia

Wow, that is pretty heavy. Thanks for the heads up IHH.
Old 01-03-2006, 11:15 PM   #6
I-Hate-Hulse
Franchise Player
 
Join Date: Jul 2003
Location: Sector 7-G

Blech. Not to turn this into a Wintel/Windoze debate but I'll pass on Apple and their proprietary prices and hardware. At the end of the day their premium pricing, lack of expandability, and smaller base of software / games put them out of contention for myself and my needs. Certainly don't get one if you're on a budget.

Interesting article here on how Mac OS X with its new Unix underpinning might have gained a few more vulnerabilities. At the end of the day, Macs are less vulnerable to attack as fewer people in the world use them. Even fewer hackers use them:

"It's not really a case of one operating system being more susceptible than another by the very nature of the OS. Rather, it's the fact that there have been, by volume, more viruses written to affect Windows machines than Macs."

http://www.macworld.com/news/2001/08/06/hacker/

Last edited by I-Hate-Hulse; 01-03-2006 at 11:23 PM.
Old 01-04-2006, 12:15 AM   #7
Barnes
Franchise Player
 
Join Date: Aug 2005
Location: Violating Copyrights

That article was written in 2001 and the writer interviewed someone who works for Norton. Of the 4 viruses they named, 3 infect classic Mac OS 9, which I haven't even seen in 3 years, and the fourth doesn't really infect Mac OS X as it is a Macro "virus" that can be passed on to Windows users from MS Mac apps.

Give OS X a real try with someone who really knows it. My computers haven't crashed in 4 years, no joke (except for a kernel panic during an install, but that was my fault).
Old 01-04-2006, 08:06 AM   #8
Shawnski
CP's Resident DJ
 
Join Date: Jul 2003
Location: In the Gin Bin

FYI...Microsoft indicates they have a patch developed and it will be released Jan 10th.

http://today.reuters.com/news/newsAr...SOFT-PATCH.xml
Old 01-04-2006, 02:20 PM   #9
Winsor_Pilates
Franchise Player
 
Join Date: Mar 2005
Location: Van City - Main St.

Quote:
Originally Posted by I-Hate-Hulse
Blech. Not to turn this into a Wintel/Windoze debate but I'll pass on Apple and their proprietary prices and hardware. At the end of the day their premium pricing, lack of expandability, and smaller base of software / games put them out of contention for myself and my needs. Certainly don't get one if you're on a budget.

I agree it comes down to an individual's specific needs, but the price is the one thing that actually got me to buy my mac.
I wanted a highly portable laptop with a long battery life and 12" screen.
The 12" ibook is $1250.
If you can find any 12" PC at less than $1600, I'm impressed. Most of them cost over $2000.
Old 01-04-2006, 02:51 PM   #10
I-Hate-Hulse
Franchise Player
 
Join Date: Jul 2003
Location: Sector 7-G

Quote:
Originally Posted by Winsor_Pilates
I agree it comes down to an individual's specific needs, but the price is the one thing that actually got me to buy my mac.
I wanted a highly portable laptop with a long battery life and 12" screen.
The 12" ibook is $1250.
If you can find any 12" PC at less than $1600, I'm impressed. Most of them cost over $2000.

Here's a link to a now dead (but commonly occurring sale) from Dell for a 14.4 Widescreen notebook with some similar specs to the 12" iBook. Specs might not be 100% comparable but it does let you know the price of admission on the respective platforms. Not sure how you interpret "highly portable" but this is 1.1" thick.

http://www.redflagdeals.com/forums/s...light=latitude

$549 including shipping. Looks pretty good IMHO for that price.

Macs are downright sexy, I give you that, but this is a pretty good example of how Macs are premium priced over Windows machines.

Last edited by I-Hate-Hulse; 01-04-2006 at 02:54 PM.
Old 01-04-2006, 04:09 PM   #11
Winsor_Pilates
Franchise Player
 
Join Date: Mar 2005
Location: Van City - Main St.

Quote:
Originally Posted by I-Hate-Hulse
Here's a link to a now dead (but commonly occurring sale) from Dell for a 14.4 Widescreen notebook with some similar specs to the 12" iBook. Specs might not be 100% comparable but it does let you know the price of admission on the respective platforms. Not sure how you interpret "highly portable" but this is 1.1" thick.

http://www.redflagdeals.com/forums/s...light=latitude

$549 including shipping. Looks pretty good IMHO for that price.

Macs are downright sexy, I give you that, but this is a pretty good example of how Macs are premium priced over Windows machines.

Yes, if I wanted a 14" monitor I could have saved a ton. But I'm picky and wanted a 12", which for some reason shoots the PC price through the roof. I could throw back many examples of how a 12" PC laptop with over 5 hours of battery life is quite premium priced compared to the ibook.

With the wide range of Windows based computers available, there are gonna be cheap ones and expensive ones. For my purposes, the Mac was both cheaper and sexier.

I'm not trying to come across as a Windows hater or anything. I've only had a mac for 3 weeks and I've always used Windows before that, in fact I'm typing on my Windows desktop right now. I'm just saying that the Macs aren't always more expensive, depending on what you are looking for.
Old 01-04-2006, 07:18 PM   #12
Frank the Tank
First Line Centre
 
Join Date: Sep 2003
Location: London, Ontario

One more reason I'll happily pay a few hundred bucks more for a far better product from Apple. Then again, I am a designer so it's kinda standard for me.

As an aside, we just installed new Dell servers and all this crazy-ass backend software for work and had to suspend training until we can get Windows to stop crashing. Sigh.
__________________


"Sticking feathers up your butt does not make you a chicken."
Old 01-04-2006, 08:13 PM   #13
photon
The new goggles also do nothing.
 
Join Date: Oct 2001
Location: Calgary

I'll be very interested in the pricing of the Intel chip based Apple products when they come out. Apple can't hide high pricing for inferior hardware from the average consumer any longer, you'll be able to compare (wait for it) apples to apples.

Being able to dual boot OSX and Windows would be excellent. Not sure if it'll be possible, but if it is and the prices are somewhat comparable they might see a good jump in their hardware sales. OSX for day to day use, boot into Windows for games.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
Old 01-05-2006, 12:36 PM   #14
mykalberta
Franchise Player
 
Join Date: Aug 2005
Location: Calgary

Not sure of why this is posted here, unless a lot of people are running servers or computers without a firewall in front of them.

For those who are running Windows Server - don't use Email or IE until the 9th - M$ is coming out with a patch for it then. This is rated critical on the server side.

In test environments it has brought down a VM 2K3 Exchange Server, 1 Project 05 Server. Domain Controllers seem to be unaffected (not sure why - I assume since the domain security policy resides on the server itself maybe).

This sounds eerily familiar to the Root-Kit watch bulletin that they sent out.

MYK
Old 01-05-2006, 03:43 PM   #15
Bobblehead
Franchise Player
 
Join Date: Jul 2005
Location: in your blind spot.

It affects all versions of Windows. The Windows API provided a way to allow a .jpg or any WMF object to run a script if the object failed for some reason. A couple weeks ago it was revealed a malicious script could be loaded in there. Then just at the start of New Years somebody posted a code example of how to exploit this. Then the script kiddies got a hold of this code and the number of websites attempting to use this exploit grew, primarily using thumbnail images.

You can download a vulnerability checker from the GRC.com website if you are curious to see if you could be infected. There is also a non-Microsoft patch there if you are really concerned.

http://www.grc.com/sn/notes-020.htm

Now I don't think it is as bad as was expected. It doesn't seem to be going nuts, so the initial hue and cry was probably way overdone. But the threat of being infected just by looking at a picture because of Metafile data is a bit of a concern.
Old 01-05-2006, 04:48 PM   #16
Ironhorse
Franchise Player
 
Join Date: Aug 2004
Location: Calgary

For those of you who are worried or keeners, Microsoft released their patch a few days early. You can get it here. Just sort by date by clicking on the Release Date column.

Next week's security updates will have it included also.

(And they wonder why I hate Windows servers....)
Old 01-05-2006, 07:14 PM   #17
ken0042
Playboy Mansion Poolboy
 
Join Date: Apr 2004
Location: Close enough to make a beer run during a TV timeout

My home PC told me the update was ready and waiting for me tonight.
Old 01-05-2006, 10:34 PM   #18
photon
The new goggles also do nothing.
 
Join Date: Oct 2001
Location: Calgary

One has to wonder when a 3rd party without access to the source code releases a patch days before the software vendor does...

Microsoft has made strides this year for security, but they aren't there yet.
__________________
Uncertainty is an uncomfortable position.
But certainty is an absurd one.
Old 01-05-2006, 11:52 PM   #19
arsenal
Director of the HFBI
 
Join Date: Sep 2004
Location: Calgary

Quote:
Originally Posted by photon
One has to wonder when a 3rd party without access to the source code releases a patch days before the software vendor does...

Microsoft has made strides this year for security, but they aren't there yet.

From the .WMF HotFix FAQ Site
Quote:
What does the WMF Hotfix do?

The hotfix DLL patches the Escape() function in gdi32.dll and makes SETABORT escape sequence invalid. The hotfix removes this function only in memory, it makes no changes to the filesystem.

So, the hot fix will just hook the gdi32.dll and make that function invalid. Fairly basic routine if you don't have the source code available, but need to make changes during the execution of the program.

I used to have a program that would convert a binary exe close to C code that would allow you to step through the code. It was pretty cool. And is a basic tool if you wanted to find the functions, and create a hook for a dll.
Old 01-06-2006, 09:03 AM   #20
mykalberta
Franchise Player
 
Join Date: Aug 2005
Location: Calgary

Quote:
Originally Posted by photon
One has to wonder when a 3rd party without access to the source code releases a patch days before the software vendor does...

Microsoft has made strides this year for security, but they aren't there yet.

3rd Party patches normally come out earlier cause these security companies are paid to look for vulnerabilities. And they won't release the vulnerability until they themselves have a fix.

M$ takes a while longer cause they don't just have to make a patch, they have to test it on every version of Windows (10+ currently).

I won't be deploying it until Saturday evening using SMS on our production servers.

MYK