Slashdot Mirror


Businesses Urged To Use Unofficial Windows Patch

frankie writes "ZDNet is reporting on the latest dire pronouncements about the WMF vulnerability. The problem is so serious that security experts are urging IT firms to use the unofficial patch. Microsoft's current goal is to release the update on Tuesday." From the ZDNet article: "This is a very unusual situation -- we've never done this before. We trust Ilfak, and we know his patch works. We've confirmed the binary does what the source code said it does. We've installed the patch on 500 F-Secure computers, and have recommended all of our customers do the same. The businesses who have installed the patch have said it's highly successful." It's big enough that even mainstream media is covering the flaw.

9 of 374 comments

  1. Re:block wmf by NinePenny · · Score: 5, Informative

    It's not just the extension that dictates that it's a WMF... Windows in its infinite wisdom also looks at the header bytes of the file and says "ohh! that's a WMF!" Execute! I'm in a damned hurry, hopefully I stated that correctly...ymmv

  2. Re:block wmf by Raato · · Score: 3, Informative

    How do you intend to block them? Block anything with extension .wmf? That isn't enough, as the file will be identified and handled as wmf, no matter what the extension is.

    From http://isc.sans.org/diary.php?storyid=994/ you can find that "WMF files are recognized by a special header and the extension is not needed. The files could arrive using any extension, or embedded in Word or other documents."

    --
    Microsoft? Is that some kind of a toilet paper?
  3. Re:Does MS view this as important? by Ucklak · · Score: 4, Informative

    I wouldn't call it hundreds.
    Even so, it's probably just a few code libraries to check against as I doubt they check against each and every title listed here:
    http://support.microsoft.com/gp/lifeselect

    Probably their main concern is the Enterprise level support they have to comply with and NOT rush a patch out.

    --
    if you steal from one source, that is plagiarism, if you steal from many, well, that's just research.
  4. MS workaround by Telepathetic+Man · · Score: 3, Informative

    The current official suggestion from MS to limit problems is of course to unregister the related driver, shimgvw.dll.

    --
    Just because you can, does not mean you should.
  5. The issue was actually a feature... by antdude · · Score: 5, Informative

    According to this F-Secure's Web log, it tells what is going wrong with the Windows Metafiles (WMF) vulnerability. It turns out this is not really a bug, it's just a bad design from another era. When Windows Metafiles were designed in the late 1980s, a feature was included that allowed the image files to contain actual code. This code would be executed via a callback in special situations. This was not a bug; this was something which was needed at the time. The feature now in the limelight is known as the Escape() function and especially the SetAbortProc subfunction, and has been around since Windows 3.0, shipped in 1990...

    Seen on Digg. This Broadband Reports' security forum thread mentioned this as well.

    Copied and pasted from my AQFL Web site.

    --
    Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  6. Download by reconn · · Score: 5, Informative

    If you want the patch itself, try here:
    http://isc.sans.org/diary.php?storyid=1010

    Second time this story came up with no links to the patch.

    --
    Everything that was once directly lived has receded into a representation. -debord
  7. Not good enough... by rewt66 · · Score: 3, Informative

    Not all WMF files have the .wmf extension. Some may have .bmp, .gif, .jpeg, or about a dozen others.

    I saw a list a few minutes ago, but I don't remember where...

  8. Hey! I just got sent one of these! by ScaryFroMan · · Score: 3, Informative

    Got it from some professor at "Yale." The link opens up some WMF file, or at least it tried to, when Firefox asked me what program to open it with. McAfee caught it then too. A txt file was attached. Beware, I suppose. Here's the full text.

    Hello,

    We are very sad to say that over the New Year the Campus was subjected to several acts of mindless vandalism. As well as bricks being thrown through windows, several members of staff have reported their cars as being the subject of practical jokes. Some of these cars were filled with water whilst others had graffiti daubed across them. We have uploaded the pictures of the graffiti here http://playtimepiano.home.comcast.net/ in the hope that someone may recognise the culprits work. If anyone can shed any light on this unfortunate incident could they please contact the main office as soon as they have time.

    Many Thanks & Best Regards,

    Professor Robert Gordens

    Yale

    --
    In Soviet Russia, backwards is everything.