|
||
Title: Trojan alert over unpatched Windows flaw Post by purpleydog on Dec 29th, 2005, 10:29pm http://www.theregister.com/2005/12/29/wmf_trojan_alert/ Incoming! By John Leyden Published Thursday 29th December 2005 12:46 GMT Hackers have created a range of Trojan programs which exploit a dangerous new Windows Meta File vulnerability. The vulnerability is rated critical, and so far, no patch has been issued. The WMF vulnerability exists in computers running Microsoft Windows XP with SP1 and SP2, and Microsoft Windows Server 2003 and stems from a flaw in a utility used to view picture and fax files. The security flaw might be exploited by inducing victims to view maliciously constructed sites, particularly where IE is used as a browser, or when previewing *.wmf format files with Windows Explorer. Click Here Windows PCs infected by malware from the Trojan-Downloader Agent-ACD family are liable to download other malware programs onto a compromised machine as explained in an analysis by Russian anti-virus firm Kaspersky Lab here. Kaspersky advises users not to open untrusted files with a *.wmf extension. Users should also configure their Internet Explorer security settings to "high" as a precaution, it recommends. Anti-virus firms are updating signature definition files to detect the risk, and protection is now largely in place. ® Be careful out there folks. [smiley=smokin.gif] |
||
Title: Re: Trojan alert over unpatched Windows flaw Post by purpleydog on Jan 6th, 2006, 4:17am http://www.theregister.com/2006/01/06/microsoft_wmf_vulnerability_patch/ Here's a patch for this. Microsoft backtracks on WMF patch Releases early By Gavin Clarke in San Francisco Published Friday 6th January 2006 00:22 GMT Microsoft has yielded to pressure and released a patch for the latest Windows security vulnerability, breaking its regular once-a-month update schedule. The software giant has issued a software patch for the Windows Meta File (WMF) vulnerability, uncovered on Dec. 27 and confirmed on Dec. 28, that Microsoft had initially planned to release with other software updates and fixes on January 10. The patch, MS06-001, is available here. http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx Microsoft's decision followed mounting criticism that it was leaving millions of users vulnerable to a growing number of WMF attacks, while experts had advised users to take the unprecedented step of downloading non-Microsoft fixes. In a statement, Microsoft said it was acting following "strong customer sentiment that the release should be made available as soon as possible." The u-turn comes after Microsoft earlier this week attempted to sooth concerns and silence critics saying, although the WMF vulnerability was serious and malicious attacks were being attempted by hackers, "Microsoft's intelligence sources indicated that the scope of the attacks are not widespread." According to Microsoft, the WMF vulnerability only effects machines running Windows 2000 Service Pack 4, XP SP 1 and SP 2, XP Professional x64 Edition, Windows Server 2003 and Server 2003 SP 1 and Windows Server 2003 x64 Edition. Older versions of Windows - Windows 98, 98 Second Edition and Millennium Edition - are going unpatched. While these version of Windows do contain the affected component, Microsoft said the vulnerability is not critical because an "exploitable attack vector" has not been identified that would justify a critical severity rating. Microsoft will only release updates for "critical" security issues on these dating operating systems. Users still running on Windows NT and pre SP 4 versions of Windows 2000 also get nothing because these have reached the end of Microsoft's mandated support lifecycles. Instead, Microsoft has advised users to upgrade to later editions of Windows.® Good Luck folks. [smiley=smokin.gif] |
||
Title: Re: Trojan alert over unpatched Windows flaw Post by vig on Jan 6th, 2006, 8:21am thx CHris! |
||
Clusterheadaches.com Message Board » Powered by YaBB 1 Gold - SP 1.3.1! YaBB © 2000-2003. All Rights Reserved. |