Trojan alert over unpatched highly critical Windows flaw: .wmf files

[regic]

Hackers have created a range of Trojan programs which exploit a dangerous new Windows Meta File vulnerability. The vulnerability is rated critical, and so far, no patch has been issued....

The WMF vulnerability exists in computers running Microsoft Windows XP with SP1 and SP2, and Microsoft Windows Server 2003 and stems from a flaw in a utility used to view picture and fax files.

full article: http://www.theregister.co.uk/2005/12/29/...jan_alert/

The vulnerability functions in Internet Explorer, and may function in Firefox if certain conditions are met.

The programs detected by Kaspersky Lab which exploit this vulnerability are Trojan-Downloaders, which install other Trojan programs on the victim machine. At the moment, Trojan programs are being downloaded from unionseek.com and iframeurl.biz. New modifications of these programs may appear.

full security advisory: http://www.viruslist.com/en/alerts?alertid=176701669

[Kristijntje]

More adware networks are taking advantage of the Windows Metafile Format flaw, presenting exploited banner ads on Web sites.

Exploits of the WMF (Windows Metafile Format) flaw continued on Thursday as advertising networks took advantage of the vulnerability to spread their "products."

Several security lists and Weblogs warned that the Exfol adware network was presenting coded WMF images on rotating banner ads.

Researchers said that sites running pop-up advertisements from the network will infect viewers with vulnerable systems.

full article: http://www.eweek.com/article2/0,1895,1906915,00.asp

[mandy]

Another article on this very serious unpatched Windows security hole:

Computer hackers are targeting a flaw in Microsoft’s Windows operating system that has placed hundreds of millions of PCs at risk of infection from dangerous "spyware" programs used by criminal gangs to steal people’s identities.

"The … vulnerability probably affects more computers than any other security vulnerability, ever," Mikko Hypponen, chief research officer at F-Secure, said on the web-security company’s website.

Unlike most attacks, which require victims to download an infected file, the newly discovered flaw makes it possible for users to infect their computers simply by viewing a web page, e-mail or instant message that contains a contaminated image.

The underlying "source code", which maps out how to exploit the weakness, has now been published on the net by hackers.

Microsoft has confirmed that the flaw has been actively exploited

full article: http://technology.timesonline.co.uk/arti...21,00.html

[Nat]

Unlike most attacks, which require victims to download an infected file, the newly discovered flaw makes it possible for users to infect their computers simply by viewing a web page, e-mail or instant message that contains a contaminated image.

That's scary.  :-\

[bargainbloodhound]

There was a similar virus in late 2004 that was delivered through banner ads and infected several large European sites...including UK tech magazine The Register. 

http://www.theregister.com/2004/11/21/re...er_attack/

[mandy]

Microsoft plans to patch an increasingly-dangerous zero-day vulnerability in Windows next week as part of its monthly security update, the Redmond, Wash.-based developer said Tuesday.

"Microsoft has completed development of the security update for the vulnerability," a company spokesperson wrote TechWeb in an e-mail. "The security update is now being localized and tested to ensure quality and application compatibility."

She stopped short of promising a patch, however, adding "This release is predicated on successful completion of quality testing."

full article: http://www.informationweek.com/news/show...=175800780

[rose]

Issuing alerts when they find something that is bug-free would be less time consuming for Microsoft. 

[mandy]

Concerns over the lack of a Microsoft-issued patch have pushed the Windows Metafile/Zero-Day bug to top of mind, surpassing even tomorrow's much-anticipated Sober worm attack.

The lag time between the Dec. 27 discovery of the WMF vulnerability and Microsoft's planned Jan. 10 patch availability has forced IT security departments to find alternative means for protecting their systems and prompted a non-Microsoft developer to create a patch that others could use.

All of this serves to damage Microsoft's reputation as a company that can secure its own products—a reputation that only recently was beginning to improve after years of being dragged through the mud. Experts are divided over whether it's wise to use Ilfak Guilfanov's Hexblog patch to fix the WMF vulnerability, which could allow attackers to use WMF images to execute malicious code on their victims' computers. Some say it's a necessary measure to protect systems until the official Microsoft patch arrives; others say it's not worth the extra work to patch twice or to take the risk of using a third-party fix.

full article: http://www.informationweek.com/news/show...=175801150

[mandy]

Microsoft Corp. said on Thursday that it would release a patch for a critical hole in the Windows operating system five days ahead of the planned release date.

The company began releasing a patch for a vulnerability in a Windows component used to render WMF (Windows Metafile) image files late Thursday, citing faster-than-expected testing of the patch and intense customer demand to get a fix out as soon as possible.

The patch came amid reports from anti-virus companies and security researchers about the appearance of new tools that make it easy for even unsophisticated hackers to use the WMF hole to compromise Windows systems.

full article: http://www.eweek.com/article2/0,1895,1908424,00.asp

[rose]

1 bug down 850 more to go