
By Dawn Kawamoto
Posted on ZDNet News: Jan 3, 2006 7:55:00 PM

A flaw in Microsoft's Windows Meta File has spawned dozens of attacks since its discovery last week, security experts warned Tuesday.

The attacks so far have been wide-ranging, the experts said, citing everything from an MSN Messenger worm to spam that attempts to lure people to click on malicious Web sites.

The vulnerability can be easily exploited in Windows XP with Service Pack 1 and 2, as well as Windows Server 2003, security experts said. Older versions of the operating system, including Windows 2000 and Windows ME, are also at risk, though in those cases the flaw is more difficult to exploit, said Mikko Hypponen, chief research officer at F-Secure.


"Right now, the situation is bad, but it could be much worse. The potential for problems is bigger than we have ever seen," Hypponen said. "We estimate 99 percent of computers worldwide are vulnerable to this attack."

The Windows Meta File flaw allows images to be used to execute arbitrary code, according to a security advisory issued by the Internet Storm Center. It can be exploited simply by a user viewing a malicious image.

Microsoft plans to release a fix for the WMF vulnerability as part of its monthly security update cycle on Jan. 10, according to the company's security advisory.

"We have seen dozens of different attacks using this vulnerability since Dec. 27," Hypponen said. "One exploits image files and tries to get users to click on them; another is an MSN Messenger worm that will send the worm to people on your buddy list, and we have seen several spam attacks."

He added that some of the spam attacks have been targeted at select groups, such as one that purports to come from the U.S. Department of State. The malicious e-mail tries to lure the user into opening a map attachment and will then download a Trojan horse. The exploit will open a backdoor on the user's system and allow sensitive files to be viewed.

The WMF flaw has already resulted in attacks such as the Exploit-WMF Trojan, which made the rounds last week.

Although Microsoft has not yet released a patch, security vendors such as F-Secure and the Internet Storm Center note that Ilfak Guilfanov, a Russian security engineer, has released an unofficial fix that has been found to work.

"Ilfak Guilfanov has published a temporary fix which does not remove any functionality from the system," F-Secure noted in its daily security blog. "All pictures and thumbnails continue to work normally."

Security companies also are advising computer users to unregister the related "shimgvw.dll" portion of the Windows platform. Unregistering the dll, however, may also disable certain Windows functions and has not been thoroughly tested, according to a security advisory issued by Secunia.

Despite the potential for a large number of computer users to be affected by exploits related to this vulnerability, Hypponen said a widespread outbreak from a virus, as people return to work from the long holiday, is unlikely.

"We are still far away from a massive virus," he said. "Most people get attacked by this if they (search for something on the Internet) and get a million results. They may click on a link that goes to a malicious Web site or one that has been hacked, and then get infected."
