|
Administrator H/PC Oracle Posts: | 17,990 |
Location: | United Kingdom | Status: | |
| For Your Information:
Quote Released on December 28th, the Windows .WMF exploit has been a nasty one, and according to the SANS Internet Storm Center, things will only get worse.
On December 31st, a new and improved version of the WMF exploit had been published. The new exploit generated WMF files that were different enough to bypass nearly all Anti-Virus and IDS signatures. Different methods of distributing the virus, such as e-mails and instant messenger chats, have already been seen in the wild, as more and more worms and trojans have been utilising the exploit to gain access to computers running the Windows operating system.
"I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad." stated Tom Liston in the SANS Internet Storm Center Diary.
SANS and many other security sites recommend un-registering Shimgvw.dll (Microsoft picture and fax viewer) and using the unofficial patch to protect against the virus, until Microsoft can release an official patch. A virus scanner isn't enough to protect against some of the more advanced variants of the exploit.
"The word from Redmond isn't encouraging. We've heard nothing to indicate that we're going to see anything from Microsoft before January 9th." said Liston in the diary. Quote is by Mark-James McDougall, NeoWin Security Focus
An IDS, for those that want to know, is an Intrusion Detection System.
Microsoft Information: http://www.microsoft.com/technet/security/advisory/912840.mspx
Microsoft's Recommendation:
Quote For Windows XP Service Pack 1; Windows XP Service Pack 2; Windows Server 2003 and Windows Server 2003 Service Pack 1
Microsoft has tested the following workaround. While this workaround will not correct the underlying vulnerability, it helps block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Note The following steps require Administrative privileges. It is recommended that the machine be restarted after applying this workaround. It is also possible to log out and log back in after applying the workaround. However, the recommendation is to restart the machine.
To un-register Shimgvw.dll, follow these steps:
1. Click Start, click Run, type "regsvr32 -u %windir%\system32\shimgvw.dll" (without the quotation marks), and then click OK.
2. A dialog box appears to confirm that the un-registration process has succeeded. Click OK to close the dialog box.
Impact of Workaround: The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.
To undo this change, re-register Shimgvw.dll by following the above steps. Replace the text in Step 1 with “regsvr32 %windir%\system32\shimgvw.dll” (without the quotation marks). |
|
|
|
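A way to confirm that the un-registration steps quoted in the first post took effect, as an added example that is not part of the thread or of Microsoft's advisory. This PowerShell script assumes that un-registering removes the COM `InprocServer32` entries that point at shimgvw.dll; the function name and the `-Apply` switch are hypothetical, and it needs an elevated prompt.

```powershell
# Added example: audit (and optionally apply) the Shimgvw.dll workaround.
# Assumption: a registered shimgvw.dll shows up as the default value of
# HKCR\CLSID\{...}\InprocServer32, and regsvr32 /u removes those entries.
param([switch]$Apply)   # hypothetical switch: also run the un-registration

$dll = Join-Path $env:windir 'system32\shimgvw.dll'

function Get-ShimgvwRegistration {
    # Return every CLSID whose in-process server is shimgvw.dll.
    Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = $_.OpenSubKey('InprocServer32')
            if ($key) {
                # '' reads the key's default value; REG_EXPAND_SZ is expanded.
                $server = [string]$key.GetValue('')
                $key.Close()
                if ($server -match 'shimgvw\.dll"?$') {
                    [pscustomobject]@{ Clsid = $_.PSChildName; Server = $server }
                }
            }
        }
}

$before = @(Get-ShimgvwRegistration)
Write-Output "COM registrations pointing at shimgvw.dll: $($before.Count)"

if ($Apply -and $before.Count -gt 0) {
    # Same command as step 1 of the workaround, with /s to suppress the dialog.
    $proc = Start-Process regsvr32.exe -ArgumentList '/u', '/s', "`"$dll`"" -Wait -PassThru
    if ($proc.ExitCode -ne 0) {
        throw "regsvr32 /u failed with exit code $($proc.ExitCode)"
    }
}

$after = @(Get-ShimgvwRegistration)
if ($after.Count -eq 0) {
    Write-Output 'Workaround in place: no CLSID loads shimgvw.dll.'
    exit 0
}

# Still registered: list what remains so it can be followed up per machine.
Write-Output 'Workaround NOT in place. Remaining registrations:'
$after | Format-Table -AutoSize
exit 1
```

The non-zero exit code lets a login script or inventory tool flag machines where the viewer is still registered, for example after a repair install re-registers the DLL.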
Subscribers H/PC Guru Posts: | 5,738 |
Location: | United States | Status: | |
| Wow, C:Amie, that is just scary... I applied it immediately... |
|
|
|
Administrator H/PC Oracle Posts: | 17,990 |
Location: | United Kingdom | Status: | |
| It is indeed.
Especially as it's a virus/worm exploit, not just a url exploit as is usually the case |
|
|
|
H/PC Elder Posts: | 2,156 |
Location: | Barrie, Ontario | Status: | |
| Good grief. Every few months I get an urge to install XP and, without fail, something like this surfaces. I hope my next desktop/laptop can be rolled back to W2K.
edit. I never thought I'd see the day where mainstream systems could so easily be compromised by *data* files. So much for the Microsoft Security Initiative. What next, opening a plain text file infects your machine? This nonsense from Redmond will never end or substantially improve.
Edited by wallythacker 2006-01-02 9:31 AM
|
|
|
|
Administrator H/PC Oracle Posts: | 17,990 |
Location: | United Kingdom | Status: | |
| Ah, but it's only not in Windows 2000 by the grace of a DLL file being absent, the 2000 fax viewer doesn't handle images.
However, let us not pretend for a second that such things don't impact other OS's. I booted up Ubuntu after a 3 week hiatus, and there's 80MB of critical updates to download and install. We just don't hear about Linux issues so readily. So I wouldn't be put off taking the plunge really. |
|
|
|
H/PC Elder Posts: | 2,156 |
Location: | Barrie, Ontario | Status: | |
| But but, we're the savvy ones. We *know* a certain degree of maintenance is required and carry it out, be it Windows, OSX, Linux, whatever. Ownership entails some responsibility.
Average Joe(sephines) don't care diddly about updates as long as they can email their stupid jokes and pictures back and forth. That is, until their bank account is emptied.
Stuff like this from Microsoft is akin to GM informing owners that they personally need to torque down their motor mounts before the engine falls out. It just shouldn't happen if the legwork was done properly.
/shakes head and mumbles incoherently about crummy products in the hands of morons |
|
|
|
Subscribers H/PC Guru Posts: | 5,738 |
Location: | United States | Status: | |
| I think that when Vista comes out, I might get an upgrade to XP Pro, or roll down to W2K.. W2K on a P4, must be very fast |
|
|
|
H/PC Elder Posts: | 2,156 |
Location: | Barrie, Ontario | Status: | |
| It's a subjective thing, but to me XP is tardier than 2k. I'm using 200mb RAM static so I'd hate to see how that would rise with XP. And here I thought 512mb would be all the memory anyone would want.
Granted XP boots faster but the few times I tried XP it wasn't as zippy as 2k. So here I remain, back in 1999, lol. Hmm, my desktop OS is as old, older in some cases than the OS on my hpcs.
edit: My emachine came with XP home and it was a slug even after I disabled all the needless rubbish. Installing 2k was like doubling my cpu speed.
Edited by wallythacker 2006-01-02 3:47 PM
|
|
|
|
H/PC Oracle Posts: | 16,175 |
Location: | Budapest, Hungary | Status: | |
| i think 512 must be quite good with XP. i've been running it with 384 for more than 3 years now it isn't exactly lightning fast but good enough. too lazy to try w2k |
|
|
|
Subscribers H/PC Guru Posts: | 5,738 |
Location: | United States | Status: | |
| Supposedly, XP can run at 64 MB... Gos, how slow that would be... |
|
|
|
H/PC Oracle Posts: | 16,175 |
Location: | Budapest, Hungary | Status: | |
| well i have a P1 with 64 mb ram at home that has XP installed. |
|
|
|
Subscribers H/PC Guru Posts: | 5,738 |
Location: | United States | Status: | |
| How fast is it? |
|
|
|
Global Moderator H/PC Oracle Posts: | 12,670 |
Location: | Southern California | Status: | |
| Please don't assume Windows 2000 is safe. We have that at work, and one virus brought the whole county to its knees for over 24 hours a few weeks ago. |
|
|
|
H/PC Oracle Posts: | 16,175 |
Location: | Budapest, Hungary | Status: | |
| well honestly i don't know it was used as a gateway to share the internet before we got a switch (and then a router ). but i can start it up tomorrow |
|
|
|
Global Moderator H/PC Oracle Posts: | 12,670 |
Location: | Southern California | Status: | |
| Should boot up in about a week or so . . . . |
|
|