


Monday, January 02, 2006

Newly Discovered Windows Vulnerability

There is a temporary patch available here, until Microsoft fixes it themselves. Click on the block quote below to go directly to the page which describes this problem in detail. One more thing - once Microsoft does fix it, you'll need to uninstall this patch.
Here's a link to a story claiming the security hole has already been exploited.

Newly Discovered & Immediately Exploited Windows Vulnerability
A serious new remotely exploitable vulnerability has been discovered in Microsoft Windows' image processing code.

UNTIL THIS IS REPAIRED BY MICROSOFT, ANY ATTEMPT TO DISPLAY A MALICIOUS IMAGE IN WINDOWS COULD INSTALL MALICIOUS SOFTWARE INTO THE COMPUTER.

This is a so-called "0-day vulnerability" because exploits for the vulnerability appeared before any updates or patches were available.

All versions of Windows from Windows 98 through ME, NT, 2000, XP, and 2003 are known to be vulnerable, and a large and rapidly growing number of malicious exploits (57 at last count) are already circulating in the wild. They are being actively used to install malware and Trojans into users' machines. Viruses and worms are expected to appear shortly.

Although NOT a complete solution, Microsoft has recommended temporarily disabling the automatic display of some images by the operating system and web browser. This can be done, as detailed below, by "unregistering" the "SHIMGVW.DLL" Windows DLL. THIS IS NOT A COMPLETE SOLUTION, but it significantly lowers the risk from this vulnerability from web surfing.

For Windows 2000, XP, 64-bit XP and 2003 server

The temporary patch described above is a FAR superior solution. ONLY use the de-registration approach below if you are unable to use Ilfak's temporary patch.

Do not open any "WMF" — Windows Metafiles — you receive by eMail, and reports are that other file types may also be dangerous.

Anti-virus companies have responded to this, so update your anti-virus signature files for updated protection.

You should IMMEDIATELY disable Windows' use of this vulnerable DLL until patches from Microsoft are available.