Windows Zero-Day Flaw being exploited

DO · Wed, 01-04-2006, 10:56 PM

Released on December 28th, the Windows .WMF exploit has been a nasty one, and according to the SANS Internet Storm Center, things will only get worse.

On December 31st, a new and improved version of the WMF exploit had been published. The new exploit generated WMF files that were different enough to bypass nearly all Anti-Virus and IDS signatures. Different methods of distributing the virus, such as e-mails and instant messenger chats have already been seen in the wild, as more and more worms and trojans have been utilising the exploit to gain access to computers running the Windows operating system.

"I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad." Stated Tom Liston in the SANS Internet Storm Center Diary.

SANS and many other security sites recommend un-registering Shimgvw.dll (Microsoft picture and fax viewer) and using the unofficial patch to protect aginst the virus, until Microsoft can release an official patch. A virus scanner isn't enough to protect against some of the more advanced variants of the exploit.

"The word from Redmond isn't encouraging. We've heard nothing to indicate that we're going to see anything from Microsoft before January 9th." Said Liston in the diary.

Microsoft Security Advisory (912840)
F-Secure Weblog

It just keeps getting worst:
http://www.informationweek.com...D=174904839&pgno=1

Becareful fellow GWers

**Lefty** · Wed, 01-04-2006, 11:15 PM

Thank God I use a mac. I feel for the Window users stuck with all these tojans viruses and worms.

**Board of Command** · Wed, 01-04-2006, 11:23 PM

The only problem I ever got was the Blaster.32 thing a couple years back. As unlikely as it sounds, I've never had any other problems with Windows.

***Deadfire*** · Wed, 01-04-2006, 11:34 PM

I've ready have had to fix about 10-15 computers hit by it....interesting stuff it is

**LaZie** · Thu, 01-05-2006, 02:49 AM

Oh nooooooes!

***Kraco*** · Thu, 01-05-2006, 04:24 AM

I actually installed a few days ago the unofficial patch from Ilfak Guilfanov (mentioned in F-secure webblog). Thought I doubt it was needed with my surfing habits... But who knows. I do visit some disreputable sites, like one Gotwoot Evolution, after all...

Doing something about this can certainly be recommended to those who actively search for images, like new anime fanart.

**LaZie** · Thu, 01-05-2006, 04:39 AM

Or porn and hentai [img]i/expressions/face-icon-small-tongue.gif[/img]

**Cal_kashi** · Thu, 01-05-2006, 12:40 PM

I've never had a virus/worm/trojan (etc) problem and I've abusing wintendo and PC's for many years now.

**Board of Command** · Thu, 01-05-2006, 01:16 PM

Originally posted by: LaZyKiD
Or porn and hentai

You just gotta know where to look [img]i/expressions/face-icon-small-happy.gif[/img]

**Paulyboy** · Thu, 01-05-2006, 02:14 PM

Im not the master of Technical Computers and all, so this is all for windows users? I have winxp version 2002!!!!!!

**Carnage** · Thu, 01-05-2006, 08:12 PM

Originally posted by: DragonOutlaw

Released on December 28th, the Windows .WMF exploit has been a nasty one, and according to the SANS Internet Storm Center, things will only get worse.

On December 31st, a new and improved version of the WMF exploit had been published. The new exploit generated WMF files that were different enough to bypass nearly all Anti-Virus and IDS signatures. Different methods of distributing the virus, such as e-mails and instant messenger chats have already been seen in the wild, as more and more worms and trojans have been utilising the exploit to gain access to computers running the Windows operating system.

"I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad." Stated Tom Liston in the SANS Internet Storm Center Diary.

SANS and many other security sites recommend un-registering Shimgvw.dll (Microsoft picture and fax viewer) and using the unofficial patch to protect aginst the virus, until Microsoft can release an official patch. A virus scanner isn't enough to protect against some of the more advanced variants of the exploit.

"The word from Redmond isn't encouraging. We've heard nothing to indicate that we're going to see anything from Microsoft before January 9th." Said Liston in the diary.

Microsoft Security Advisory (912840)
F-Secure Weblog

It just keeps getting worst:
http://www.informationweek.com...D=174904839&pgno=1

Becareful fellow GWers

ZOMG thx for the heads up

Thread: Windows Zero-Day Flaw being exploited

Thread Tools

Display