Yet Another Bulletin Board

Welcome, Guest. Please Login or Register.
Nov 22nd, 2024, 5:35pm

Home Home Help Help Search Search Members Members Member Map Member Map Login Login Register Register
Clusterheadaches.com Message Board « Trojan alert over unpatched Windows flaw »


   Clusterheadaches.com Message Board
   New Message Board Archives
   2006 General Board Posts
(Moderator: DJ)
   Trojan alert over unpatched Windows flaw
« Previous topic | Next topic »
Pages: 1  Reply Reply Notify of replies Notify of replies Send Topic Send Topic Print Print
   Author  Topic: Trojan alert over unpatched Windows flaw  (Read 415 times)
purpleydog
CH.com Alumnus
New Board Hall of Famer
USA 
*****






   
Email

Posts: 2240
Trojan alert over unpatched Windows flaw
« on: Dec 29th, 2005, 10:29pm »
Quote Quote Modify Modify

http://www.theregister.com/2005/12/29/wmf_trojan_alert/
 
 
Incoming!
By John Leyden
Published Thursday 29th December 2005 12:46 GMT
 
 
Hackers have created a range of Trojan programs which exploit a dangerous new Windows Meta File vulnerability. The vulnerability is rated critical, and so far, no patch has been issued.
 
The WMF vulnerability exists in computers running Microsoft Windows XP with SP1 and SP2, and Microsoft Windows Server 2003 and stems from a flaw in a utility used to view picture and fax files. The security flaw might be exploited by inducing victims to view maliciously constructed sites, particularly where IE is used as a browser, or when previewing *.wmf format files with Windows Explorer.
Click Here
 
Windows PCs infected by malware from the Trojan-Downloader Agent-ACD family are liable to download other malware programs onto a compromised machine as explained in an analysis by Russian anti-virus firm Kaspersky Lab here.
 
Kaspersky advises users not to open untrusted files with a *.wmf extension. Users should also configure their Internet Explorer security settings to "high" as a precaution, it recommends. Anti-virus firms are updating signature definition files to detect the risk, and protection is now largely in place. ®
 
 
Be careful out there folks.  smokin
IP Logged

purpleydog
CH.com Alumnus
New Board Hall of Famer
USA 
*****






   
Email

Posts: 2240
Re: Trojan alert over unpatched Windows flaw
« Reply #1 on: Jan 6th, 2006, 4:17am »
Quote Quote Modify Modify

http://www.theregister.com/2006/01/06/microsoft_wmf_vulnerability_patch/
 
 
Here's a patch for this.
 
Microsoft backtracks on WMF patch
Releases early
By Gavin Clarke in San Francisco
Published Friday 6th January 2006 00:22 GMT
 
 
Microsoft has yielded to pressure and released a patch for the latest Windows security vulnerability, breaking its regular once-a-month update schedule.
 
The software giant has issued a software patch for the Windows Meta File (WMF) vulnerability, uncovered on Dec. 27 and confirmed on Dec. 28, that Microsoft had initially planned to release with other software updates and fixes on January 10. The patch, MS06-001, is available here.
http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx
 
Microsoft's decision followed mounting criticism that it was leaving millions of users vulnerable to a growing number of WMF attacks, while experts had advised users to take the unprecedented step of downloading non-Microsoft fixes.
 
In a statement, Microsoft said it was acting following "strong customer sentiment that the release should be made available as soon as possible."
 
The u-turn comes after Microsoft earlier this week attempted to sooth concerns and silence critics saying, although the WMF vulnerability was serious and malicious attacks were being attempted by hackers, "Microsoft's intelligence sources indicated that the scope of the attacks are not widespread."
 
According to Microsoft, the WMF vulnerability only effects machines running Windows 2000 Service Pack 4, XP SP 1 and SP 2, XP Professional x64 Edition, Windows Server 2003 and Server 2003 SP 1 and Windows Server 2003 x64 Edition.
 
Older versions of Windows - Windows 98, 98 Second Edition and Millennium Edition - are going unpatched. While these version of Windows do contain the affected component, Microsoft said the vulnerability is not critical because an "exploitable attack vector" has not been identified that would justify a critical severity rating. Microsoft will only release updates for "critical" security issues on these dating operating systems.
 
Users still running on Windows NT and pre SP 4 versions of Windows 2000 also get nothing because these have reached the end of Microsoft's mandated support lifecycles. Instead, Microsoft has advised users to upgrade to later editions of Windows.®
 
 
Good Luck folks.  smokin
IP Logged

vig
CH.com Alumnus
New Board Hall of Famer
USA 
*****




CHit Happens

    alongivsiuolluap
WWW Email

Gender: male
Posts: 4401
Re: Trojan alert over unpatched Windows flaw
« Reply #2 on: Jan 6th, 2006, 8:21am »
Quote Quote Modify Modify

thx CHris!
IP Logged


never, Never, NEVER quit. -Winston Churchill
Pages: 1  Reply Reply Notify of replies Notify of replies Send Topic Send Topic Print Print

« Previous topic | Next topic »


Clusterheadaches.com Message Board » Powered by YaBB 1 Gold - SP 1.3.1!
YaBB © 2000-2003. All Rights Reserved.


©1998-2010 Web Vision Enterprises All rights reserved. All information on this site is protected by international copyright laws. You may not re-distribute any information from this site without written permission from Web Vision Enterprises and the webmaster of this site. Violators will be prosecuted.
You may view our privacy policy and financial disclosure statement here

test rss