From Theregister (uk)


World+dog scrambles to fight Windows flaw

Protect and survive

By John Leyden

Published Tuesday 3rd January 2006 14:08 GMT

Microsoft rushed out a temporary fix on Monday to defend against a dangerous new Windows Meta File vulnerability that became the focus of numerous exploits late last week. Redmond's workaround disables some functions in Windows and is only partially effective. Fortunately, there is an alternative. Security researchers at the SANS Institute advise users to both unregister affected library (DLL files) and to use an unofficial patch, as explained here.

The WMF vulnerability exists in computers running Microsoft Windows XP (SP1 and SP2) and Microsoft Windows Server 2003 and stems from a flaw in a utility used to view picture and fax files. The security flaw might be exploited by inducing victims to view maliciously constructed sites, particularly where IE is used as a browser, or when previewing *.wmf format files with Windows Explorer. Hackers have created a range of Trojan programs which exploit the flaw. Microsoft said it plans to release a patch against the security hole on 10 January as part of its regular "Patch Tuesday" monthly update cycle. ®

UnofficialPatchHere

Stay safe folks. We all know M$ don't give a **** !

Redmond's workaround disables some functions in Windows and is only partially effective. Fortunately, there is an alternative. Security researchers at the SANS Institute advise users to both unregister affected library (DLL files) and to use an unofficial patch, as explained here.

Well that's certainly not misleading. The only difference between the SANS recommendation and the MS recommendation is that the former recommends using the patch despite, AFAICT, having no evidence that the patch is beneficial if the DLL has been unregistered, or indeed that the patch isn't potentially malificial. Both solutions disable features and may be only partially effective.

Stay safe folks. We all know M$ don't give a **** !

AFAICT this is a difficult problem. The exploit is taking advantage of an intentional, documented, and used feature of GDI. The simple solutions (e.g. the third-party patch) break compatibility. It's quite possible that it will take MS some time to develop a solution that preserves enough compatibility to keep their customers happy.

Edited by jcl