Sites exploit Windows image flaw
December 29th, 2005, 03:47 PM
#1
Ultimate Member
Join Date: May 2002 Location: Stow, Ohio, Sol III
Posts: 1,199
Sites exploit Windows image flaw
Quote:
The US net watchdog, the Computer Emergency Response Center (Cert), and security firms have issued warnings about certain types of image files called Windows Metafiles.
Quote:
"Exploit code has been publicly posted and used to successfully attack fully-patched Windows XP SP2 systems," said Cert. "However, other versions of the Windows operating system may be at risk as well."
Quote:
Experts said numerous websites were taking advantage of the flaw to sneak into computers and install spyware.
BBC
__________________
Well, if crime fighters fight crime and fire fighters fight fire, what do freedom fighters fight? They never mention that part to us, do they?
-George Carlin

December 29th, 2005, 03:52 PM
#2
I do Ouchy-Bleedy.
Join Date: Apr 2002 Location: Albany, Ga.
Posts: 10,642
http://www.techimo.com/newsapp/index.pl?photo=15546
AND: http://www.f-secure.com/weblog/
Quote:
Microsoft's bulletin confirms that this vulnerability applies to all the main versions of Windows: Windows ME, Windows 2000, Windows XP and Windows 2003.
They also list the REGSVR32 workaround. It's a good idea to use this while waiting for a patch. To quote Microsoft's bulletin:
Un-register the Windows Picture and Fax Viewer (Shimgvw.dll)
1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll"
(without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded.
Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started
when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps.
Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks).
This workaround is better than just trying to filter files with a WMF extension. There are methods where files with other image extensions (such as BMP, GIF, PNG, JPG, JPEG, JPE, JFIF, DIB, RLE, EMF, TIF, TIFF or ICO) could be used to exploit a vulnerable machine.
__________________
They say technology slows down for no one. I know it outruns my wallet. I figure it's because my wallet isn't light enough yet.
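
The quoted weblog entry in post #2 notes that filtering on the .wmf extension misses metafiles delivered under other image extensions. As an added example (not from the thread, Microsoft or F-Secure), this Python check identifies WMF data by its header bytes instead of its name; the file names and sample bytes are constructed.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # key that opens a "placeable" WMF header


def is_wmf(data: bytes) -> bool:
    """Return True if data starts with a placeable or standard WMF header."""
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        return True
    if len(data) < 18:  # a standard METAHEADER is 18 bytes
        return False
    # METAHEADER: Type (1 = memory, 2 = disk), HeaderSize in 16-bit words (9),
    # Version (0x0100 or 0x0300)
    mtype, hdr_words, version = struct.unpack_from("<HHH", data)
    return mtype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300)


def classify(filename: str, data: bytes) -> str:
    """Label a file by content first, then compare with its extension."""
    if not is_wmf(data):
        return "not-wmf"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return "wmf" if ext == "wmf" else "wmf-disguised"


def scan(samples: dict) -> dict:
    """Map each file name to its verdict."""
    return {name: classify(name, data) for name, data in samples.items()}


# Constructed sample inputs: headers only, no drawing records.
STD_HDR = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
PLACEABLE = struct.pack("<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100,
                        1440, 0, 0) + STD_HDR
SAMPLES = {
    "holiday.jpg": STD_HDR,    # metafile header under a .jpg name
    "logo.gif": PLACEABLE,     # placeable metafile under a .gif name
    "chart.wmf": STD_HDR,      # metafile with its real extension
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16,
}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:14} {name}")
```

A header match only identifies the format; it does not say whether the file is malicious.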

December 29th, 2005, 03:56 PM
#3
Ultimate Member
Join Date: May 2002 Location: Stow, Ohio, Sol III
Posts: 1,199
US-CERT Technical Cyber Security Alert TA05-362A
Quote:
Since there is no known patch for this issue at this time, US-CERT is recommending sites follow several potential workarounds.

December 31st, 2005, 01:15 PM
#4
Ultimate Member
Join Date: Oct 2001 Location: Toronto Canada
Posts: 4,698
A good workaround is to not open pictures from the web until you have the patch or to ensure that something else is set as the default to open the pictures - like GIMP or something else.
__________________
AMD Phenom Q9500 Quad-Core 2.2ghz / Asus M3A78-EMH HDMI / 4GB PC667 RAM / 320GB SATA II