Home | Community | Message Board


This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Unfolding Nature Shop: Unfolding Nature: Being in the Implicate Order

Jump to first unread post Pages: 1
InvisibleDiploidM
Cuban

Folding@home Statistics
Registered: 01/09/03
Posts: 19,274
Loc: Rabbit Hole
Yet Another Windows Security Flaw - More Serious Than Usual
    #5137824 - 01/04/06 07:34 AM (18 years, 4 months ago)

Windows flaw: are you protected?

By Louisa Hearn
January 4, 2006 - 3:14PM

Security companies are battening down the hatches to help protect PC users from a new 'high-risk' vulnerability in Microsoft's Windows software that could let an attacker take control of your computer. Here is overview of the threat and what you can do to prevent an attack.

What is the Microsoft WMF vulnerability?

The vulnerability exists in the software used for formatting images in Microsoft's operating system called the Windows Meta File.

This software was designed to allow Windows users to view certain images either from websites or those have been sent over the internet, but hackers have found a way to infect some images with malicious software that will be switched on by the WMF, potentially allowing external access to a PC.

The threat was discovered on December 27 and has been rated "high risk" by security companies such as Symantec.

Who is vulnerable?

The vulnerability exists in most recent versions of Microsoft's operating system which means the majority of PC users are vulnerable to attack. These include users of Windows XP, Windows 2000, and Windows 98. If you use any of those systems, simply viewing images with malicious content from an email, instant message, or on an unknown website could be enough to expose your computer to attack.

What sort of attacks have been reported?

According to computer security response team, Auscert, attacks take many different forms, but have in common the objective of getting PC users to click on an image infected with malware.

To exploit the WMF flaw, attacks are launched mainly via the internet or email-based communications. From the internet, an attacker would try to persuade you to visit their web site by asking you to click on a link that led to the malicious image.

An email-based attack would try to tempt you to click on a link within a malicious email or open an attachment. But just opening an email in a system that displays attached images by default using the WMF could also trigger an attack, say security experts.

Messages may or may not appear to be from someone you know, depending on how the malware has been distributed, warns Auscert.

Anti-virus company, Sophos, estimates there are now over one hundred individual threats related to the WMF vulnerability mainly taking the form of 'trojan' emails that have the ability to take over the control of a computer. While there is evidence of WMF-related malware within Australia, Symantec says most incidents have been reported from North Amerca.

What should I do?

Microsoft is yet to release a patch for the vulnerability because it is still being tested. It aims to have a fix ready for Tuesday January 10 and in the meantime advises PC users to avoid opening unsolicited email or clicking on web links to unfamiliar internet addresses.

For extra protection, it recommends you update anti-virus software and follow instructions on it's website to disable some processes to help minimise the possibility of an attack.

Will anti-virus software protect me?

While anti-virus companies say they cannot protect against every single new threat built to exploit new vulnerabilities such as WMF, owing to the similar nature of many the infected image files, companies like Sophos and Symantec are now providing updates in security software that can detect and remove some of the known malware targeting the flaw.

Auscert recommends daily updates of anti-virus and spyware software.


--------------------
Republican Values:

1) You can't get married to your spouse who is the same sex as you.
2) You can't have an abortion no matter how much you don't want a child.
3) You can't have a certain plant in your possession or you'll get locked up with a rapist and a murderer.

4) We need a smaller, less-intrusive government.

Extras: Filter Print Post Top
Offlinedebianlinux
Myconerd - DBK
Male User Gallery

Folding@home Statistics
Registered: 12/09/02
Posts: 8,334
Loc: Over There
Last seen: 10 months, 19 days
Re: Yet Another Windows Security Flaw - More Serious Than Usual [Re: Diploid]
    #5137936 - 01/04/06 08:59 AM (18 years, 4 months ago)

regsvr32 /u shimgvw.dll

yeah, it breaks thumbnails, who gives a shit?

Extras: Filter Print Post Top
Offlinedrtyfrnk
PresidentialCandidate 2008
Male

Folding@home Statistics
Registered: 01/24/05
Posts: 2,961
Loc: Ontario, Canada
Last seen: 14 years, 6 months
Re: Yet Another Windows Security Flaw - More Serious Than Usual [Re: debianlinux]
    #5139592 - 01/04/06 04:44 PM (18 years, 4 months ago)

Quote:

debianlinux said:
regsvr32 /u shimgvw.dll

yeah, it breaks thumbnails, who gives a shit?




You should be working for M$ then :tongue:

:thumbup:


--------------------
It's Krang, Bitch!  :krang:

Extras: Filter Print Post Top
Jump to top Pages: 1

Unfolding Nature Shop: Unfolding Nature: Being in the Implicate Order


Similar ThreadsPosterViewsRepliesLast post
* Microsoft Word security flaw BuzzDoctor 1,741 9 10/19/02 11:48 AM
by Purple_Voyage
* Windows security mm. 1,836 1 06/01/01 06:08 PM
by Its Pat
* FTC: Windows feature is a backdoor for spam motamanM 1,271 7 11/12/03 07:34 AM
by T0aD
* Microsoft Issues Patch for 'Critical' Windows Secu Mojo_Risin 1,151 4 11/21/02 06:44 PM
by Mojo_Risin
* Your opinion on Windows XP SP2
( 1 2 all )
Fliquid 3,698 28 02/08/05 12:09 AM
by Fliquid
* Computer Security dog 1,370 10 12/22/03 03:31 PM
by dog
* Multiple Internet Explorer Vulnerabilities darkfly 1,270 7 07/15/04 03:43 AM
by AhronZombi
* I need a windows exploit scanner - I trade :) T0aD 1,749 8 08/25/02 12:50 PM
by tps

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: trendal, automan, Northerner
816 topic views. 0 members, 0 guests and 1 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.022 seconds spending 0.007 seconds on 14 queries.