
Thread: New WMF Exploit, Protect Your Computer!

  1. #1
    staylor is offline Offeeshul Rawket Scienteest Level 5 Gladiator: Myrmillo

    New WMF Exploit, Protect Your Computer!

    http://blogs.washingtonpost.com/secu...t_release.html

    Apparently there is a new security flaw with Windows that is capable of opening up a computer to external attack via spyware, virii (Is that the plural of virus?), and trojans. It uses an exploit within Windows Metafile Format to do this. Basically, all Windows needs to do is parse the image. It has already been on several popular forums (even one I browsed!) and due to its versatility is probably on many websites too to download malicious spyware.

    Internet Explorer immediately parses the image, so until a patch is out (which to my knowledge hasn't happened yet) anyone using this browser is vulnerable. Supposedly there are some ways to use this exploit using only links (not sure about this) so turning the images off may only partly protect you.

    Early versions of Firefox and Opera ask you to download the file, so just say NO! Firefox 1.5 ignores the image but still caches it, so as long as you keep emptying your cache WITHOUT looking in it you'll be reasonably safe.

    Also Google Toolbar parses the image, so even if you have Firefox 1.5 it can still attack.

    The image is dangerous even while cached, so keep clearing it (but don't look in it!). Looking in the cache may generate a thumbnail (depending on your computer settings) which will parse the image.

    So what can you do?
    -Keep on top of antivirus and Windows updates. Symantec, AVG and McAfee already have updated to defend against the exploit. Update and run these as soon as you can.
    -If you are still worried you can go to Start >> Run and type in (without quotes) "regsvr32 /u shimgvw.dll". This will stop Windows from rendering WMF. I did this but now I can't see thumbnails; repeat the steps with "regsvr32 shimgvw.dll" to go back to normal if you experience problems. This will not stop IE from parsing the image.
    -Use the latest version of Firefox.
    -Use a Mac (If you just happen to have one lying around)

    If anyone sees any mistakes feel free to correct me; part of my job involves securing computers but I'll be the first to admit that I don't always know what's going on with them.
    Last edited by staylor; December 29th, 2005 at 09:34 PM.
    FASTIDIOUS SKETCHFIENDS of the FANTASTIC FOURTEENTH ESCHELON
    staylor| inkfish | rodrigo! | ah.heng | maxetormer | bRØk3n_sPiRiT | Max1975 | ZebzFree

    TURBOFANATIC
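Added example, not part of the original post: the post warns that a cached WMF stays dangerous and that viewing the cache can trigger thumbnail rendering, so this sketch finds WMF files by reading only their leading bytes, without decoding or rendering anything. The header layout checked here is that of the WMF file format (optional 22-byte placeable header, then an 18-byte METAHEADER); the function names and the sample byte strings are constructed for illustration.

```python
import struct
from pathlib import Path

PLACEABLE_KEY = 0x9AC6CDD7       # magic of the optional placeable header
PLACEABLE_LEN = 22               # size of that header in bytes
WMF_VERSIONS = {0x0100, 0x0300}  # versions allowed in METAHEADER

def _is_metaheader(buf: bytes) -> bool:
    """True if buf starts with a standard 18-byte WMF METAHEADER."""
    if len(buf) < 18:
        return False
    mtype, header_words, version = struct.unpack_from("<HHH", buf, 0)
    return mtype in (1, 2) and header_words == 9 and version in WMF_VERSIONS

def looks_like_wmf(data: bytes) -> bool:
    """Classify by leading bytes only; nothing is decoded or rendered."""
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        return _is_metaheader(data[PLACEABLE_LEN:])
    return _is_metaheader(data)

def find_wmf(root):
    """Return files under root whose content is WMF, whatever the name says."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with open(path, "rb") as fh:
                if looks_like_wmf(fh.read(PLACEABLE_LEN + 18)):
                    hits.append(path)
    return hits

# Constructed sample headers (no drawing records, not real captures).
SAMPLE_STANDARD = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
SAMPLE_PLACEABLE = struct.pack(
    "<IHhhhhHIH", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0, 0
) + SAMPLE_STANDARD
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 30

if __name__ == "__main__":
    for name, blob in [("standard", SAMPLE_STANDARD),
                       ("placeable", SAMPLE_PLACEABLE),
                       ("jpeg", SAMPLE_JPEG)]:
        print(name, looks_like_wmf(blob))
```

Pointing `find_wmf` at a browser cache directory lists the files to delete or quarantine without opening the folder in a file manager.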

  2. #2
    Snarfevs is offline Out of the womb and into the frying pan
    Level 8 Gladiator: Thracian
    I can verify that this exploit exists

    http://www.microsoft.com/technet/sec...ry/912840.mspx

    I'm astounded that WMF isn't deprecated yet

  3. #3
    darth massacre is offline Registered User Level 11 Gladiator: Essedarii
    ********************************
    There are 3 sides to every story. Yours, mine and THE TRUTH.

  4. #4
    Snarfevs is offline Out of the womb and into the frying pan
    Level 8 Gladiator: Thracian
    This could be a real big problem. Just imagine if someone worked a malformed WMF onto the front page of a highly trafficked site...

    Hmmm... My brother got hit by it 2 days ago. Though it's just another addition to his collection of spyware, viruses etc...

  5. #5
    NoSeRider is offline Registered User Level 9 Gladiator: Hoplomachi
    http://www.winpatrol.com/

    http://free.grisoft.com/freeweb.php/doc/2/
    I wouldn't wait to buy, just download these now and install.

    http://www.mvps.org/winhelp2002/security.htm
    Read this and get yourself a firewall.

    I use freeware, and AVG does kick ass.
    My New Neglected Sketchbook
    You Ain't no Nina!.....

    "Too often we... enjoy the comfort of opinion without the discomfort of thought." -- John Fitzgerald Kennedy
    "My mind is made up. Don't confuse it with facts." -- Terence McKenna
