Tuesday, January 03, 2006

Beware - Nasty Windows Exploit - wmf files

There is a new Microsoft Windows XP and 2003 exploit, which uses wmf image files to attack.

According to Secunia's website:

The vulnerability is caused due to an error in the handling of corrupted Windows Metafile files (".wmf"). This can be exploited to execute arbitrary code by tricking a user into opening a malicious ".wmf" file in "Windows Picture and Fax Viewer" or previewing a malicious ".wmf" file in explorer (i.e. selecting the file). This can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

Several security groups are reporting that it is extremely easy to get whacked by this vulnerability/exploit just by visiting one of a growing number of malicious Web sites that are now employing this attack. F-Secure's blog post on this indicates that -- because the vulnerability lies in the way Windows parses WMF image files -- Firefox and Opera users also can get infected -- although they at least have to agree to download and run a file first. The Sunbelt Blog Website also has some good information on this exploit, including some nice screenshots of what it looks like when your machine gets hit with this.

Temporary Workaround:

Windows users can disable the rendering of WMF files using the following hack:

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click ok when the change dialog appears.

Once Microsoft issues a patch, the WMF feature may be enabled again by entering the command "regsvr32 shimgvw.dll" in step three above.

More Information:
Unofficial Patch for Windows Flaw
Security experts are urging Windows users to apply a non-Microsoft-issued software patch to fix an extremely dangerous bug that has exposed hundreds of millions of the operating system's users to spyware and viruses.

The patch was developed by computer programmer Ilfak Guilfanov, perhaps best known in security circles at the creator of IDA Pro, a tool used to design and deconstruct software and even malware.

Article on unofficial patch
Download unofficial patch

I have not been able to successfully get to the website to download the patch. I would use the temporary workaround until an official patch gets released by Microsoft.

Or for a better permanent solution and I really feel I have to mention this - Switch to SuSE Linux 10 or Novell Linux Desktop. ;-)



No comments: