Exploit Released for Unpatched Windows Flaw
woodchuck writes "Washington Post reports that another Windows hole has been found and exploit code is now running loose that makes Swiss cheese of current patches and security measures.
From the article: "Security researchers have released instructions for exploiting a previously unknown security hole in Windows XP and Windows 2003 Web Server with all of the latest patches applied. Anti-virus company Symantec warned of the new exploit, which it said uses a vulnerability in the way Windows computers process certain image files (Windows Meta Files, or those ending in .wmf). Symantec said the exploit is designed to download and run a program from the Web that downloads several malicious files, including tools that attackers could use to control vulnerable computers via IRC.""
From what I read about this earlier (sorry, don't have the link), this exploit was already in the wild and was being used before any of the security companies learned of it. So no, the AV companies did not "let this one loose".
Be a real patriot: Question authority. Think for yourself. Formulate your own conclusions.
Because we never know what else can be installed and I lost all trust in security companies since the Sony Root Kit. Removing it myself implies searching info over the internet and it's not a good idea to browse the web when your computer is compromised. I had nothing important installed so it didn't matter. I had a new OS installed in a few minutes after that with ZoneAlarm and AVG (both free) and all the latest patches. I also just did the "REGSVR32 /U SHIMGVW.DLL" to not be infected again.
No, it's a buffer overload in Windows Picture and Fax Viewer.
It's a Windows only format, or at least seems to be. I don't find any references of ports to other platforms. It's an old format for doing vector graphics in Windows 3.1.
Can someone explain to me exactly how an image viewer program running on my client computer can be made to execute code? Honestly, I don't really understand these exploits that supposedly take advantage of a client buffer overflow (or some such thing) to execute code on my local machine. What makes the instruction pointer in the code that is reading (in this case) the wmf file suddenly jump to code that is in the data segment? (Presumably embedded in the wmf file itself).
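An added illustration for the question above (my own constructed example, not code from this thread or from any real viewer, and using a toy record layout rather than the actual WMF format): the parser copies a length it read straight from the file into a fixed-size stack buffer, so the bytes that run past the buffer land on the slot holding the caller's saved return address, which is exactly what the function will jump to when it returns; the hardened version validates the length before copying anything.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Toy record layout, constructed for illustration (not the real WMF
 * format): a 2-byte little-endian payload length, then the payload. */
#define BUF_LEN 16

/* Simulated stack frame of the parse routine: the local buffer with the
 * caller's saved return address laid out directly after it. */
struct frame { char buf[BUF_LEN]; uintptr_t saved_return; };

/* Vulnerable pattern: the file's length field is trusted. The copy is
 * clamped to the frame size only to keep this simulation well-defined;
 * bytes beyond BUF_LEN still land on saved_return, i.e. on the address
 * the real function would jump to when it returns. */
uintptr_t parse_unchecked(const unsigned char *rec, size_t rec_len,
                          uintptr_t real_return)
{
    struct frame f;
    size_t declared, n;
    if (rec_len < 2) return real_return;
    memset(f.buf, 0, BUF_LEN);
    f.saved_return = real_return;
    declared = rec[0] | ((size_t)rec[1] << 8);
    n = declared < rec_len - 2 ? declared : rec_len - 2;
    if (n > sizeof f) n = sizeof f;      /* simulation clamp only */
    memcpy(&f, rec + 2, n);              /* overruns buf into saved_return */
    return f.saved_return;
}

/* Hardened pattern: the declared length must fit both the bytes actually
 * present and the destination buffer, or the record is rejected. */
int parse_checked(const unsigned char *rec, size_t rec_len, char out[BUF_LEN])
{
    size_t declared;
    if (rec_len < 2) return -1;
    declared = rec[0] | ((size_t)rec[1] << 8);
    if (declared > rec_len - 2 || declared > BUF_LEN) return -1;
    memcpy(out, rec + 2, declared);
    return (int)declared;
}

/* Constructed samples: a benign 5-byte payload, and one declaring 24 bytes
 * so the trailing 'B's spill over the return slot. */
static const unsigned char good_rec[] = { 5, 0, 'h','e','l','l','o' };
static const unsigned char bad_rec[] = { 24, 0,
    'A','A','A','A','A','A','A','A','A','A','A','A','A','A','A','A',
    'B','B','B','B','B','B','B','B' };
static char scratch[BUF_LEN];
```

Running parse_unchecked on bad_rec returns a "return address" made of 0x42 bytes instead of the real one, which is the point where a crafted file starts steering execution; parse_checked simply refuses the record.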
Crackers are hackers*. You can't crack someone's system without being very skilled in toying with technology (i.e. a hacker).
However, hackers aren't necessarily (or usually) crackers.
*This excludes script kiddies et al, since they don't crack someone's system really. They just run someone else's crack.
I remember the days when only exe and com files were what you had to guard. The day word files became dangerous I thought - why did they put all the functionality in them? Idiots. At least image files and plain text files were safe.
I was eating crow shortly thereafter.
I miss the old days.
So I'm kind of curious why he states "though I have used the hack on my machine and haven't had any problems yet." since it breaks basic XP functionality.
Anyway, losing thumbnails and that program is IMHO a very minor price to pay for not having your machine rooted. So just make sure and warn others before you tell them to use this temporary workaround.
I wonder how long we will have to wait for MS to fix this one? Oh well, more money for me if they don't.
If you wanna get rich, you know that payback is a bitch
I got tagged by a trojan using the same exploit on IRC.
I downloaded the wmf file to my desktop, but accidentally double clicked it when I was trying to submit it to Trend Micro.
I closed the connection with TCP View, but it took out explorer.exe with it.
This is much worse than potential spyware, this exploit is silent and can easily be used to drop keyloggers, or in my case, it opened up a shell back to the guy I was chatting with.
(btw - I knew it was a trojan when I downloaded it)
[Fuck Beta]
o0t!
http://www.dslreports.com/speak/print/default;1512 1004
There's an excerpt of our chat in that post too.
Please indicate a recent worm on a FOSS operating system.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
Anyone know if you can get hit with this if you are running a limited user account?
I thought this way until I read up this week on World of Warcraft gold mining businesses located in China and India where the entire business model is based off of exploiting in-game exploits and exploiting people to make a quick buck. After reading the many blogs I found from Google, I have an entirely different perspective of how people in less economically blessed countries choose to work to make a living.
It's still wrong though.....
Well actually, there are many times more Linux machines in the world than Windows machines. Windows only dominates the desktops. Linux dominates servers, routers, cell phones and so on. Last I saw, IBM Marketing estimated that there are more than 2 billion Linux systems in the world (mostly cell phones).
Oh well, what the hell...
There are a lot of countries out there where people are really smart and hard-working, but there are just no jobs out there. What do you do if you have a family to feed, and you can't get a job that pays enough... no one will hire you. You can get pretty desperate. I can see why people in a desperate situation like that would turn to crime.
Yes, if you have a posh tech job it may seem easy for someone that smart to just get a job. But you (or, should I say, your company) wouldn't hire him. Your company probably wouldn't care how smart he is--you wouldn't hire him because he's not a US citizen, or because he doesn't have five years of PHP or whatever is the latest buzzword the idiots in HR decided you must have.
People are desperate in those eastern-bloc nations and I can see why they end up making these kinds of tough decisions.
Oh and those wonderful Windows exploits, works, spyware, WildTangent, trojan horses, worms and blue screens. And then, Linux. What I never thought I could afford happened. I had a Unix at home. It looked just like the real thing. Root easily accessible from your user account to make it workable to split your accounts. Didn't you hate it when in Windows if you wanted to install any software no matter how trivial you had to log out and log in as admin to do it and the only way to get some work done was to always get admin privileges on every machine?
Nowadays when someone gives me the root password on a Unix-like machine I always demand a pay raise. It probably means they expect me to fix it on the weekend.
Thank you MS for making me stick with Linux. The energy bill had me contemplating scrapping my dual P3 Linux desktop and only keeping my P4 gaming rig. Windows 2003 is actually pretty stable, now all they got to do is clear the goddamn fucking security holes.
Geez, just a few articles ago people were actually talking about how MS was changing and bam we get the mother of all exploits. The only thing worse would be a worm. This is so easily exploitable. Just make an account on a forum that allows those awful avatar images and bam.
I can't believe the Slashdot reader reaction either, first bunch of posts are some insane ramblings about hackers/crackers and the rest have some insane fix that even the most moronic idiot can see is a total failure.
Yes fucktards who suggest that whole unregister crap, because of the way MS has set up its OS many a Windows program comes with its own copy of the DLL it uses EVEN if it is a copy of a Windows OS DLL. To avoid versioning problems it is easier to include it than hope the user's OS has the right version.
Do a dupe check of your DLLs in the main Windows directories and where you install your programs sometimes. What do you think the chances are they will all be patched? It is a well known problem and in fact one of the reasons the whole dynamic linking idea was so attractive.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.