Exploit Released for Unpatched Windows Flaw
Washington ComPost ^ | 12/28/05 | Brian Krebs

Posted on 12/28/2005 5:45:47 PM PST by Salo

Security researchers have released instructions for exploiting a previously unknown security hole in Windows XP and Windows 2003 Web Server with all of the latest patches applied.

(Excerpt) Read more at blogs.washingtonpost.com ...


TOPICS: Business/Economy; Crime/Corruption; Front Page News; Technical
KEYWORDS: backdoor; exploit; internetexploiter; lookoutexpress; lowqualitycrap; malware; microsoft; patch; security; securityflaw; spyware; trojan; virus; windows; wmf; worm
Heads up.
1 posted on 12/28/2005 5:45:49 PM PST by Salo

To: ShadowAce; adam_az; N3WBI3

Pings.


2 posted on 12/28/2005 5:46:20 PM PST by Salo (He hath touched me with his noodly appendage. Ramen.)

To: Salo

http://www.freerepublic.com/focus/f-news/1548350/posts


3 posted on 12/28/2005 5:52:09 PM PST by Squantos (Be polite. Be professional. But, have a plan to kill everyone you meet. ©)

To: Squantos; Ernest_at_the_Beach

Thanks. I searched on the headline and it came up clean.


4 posted on 12/28/2005 5:54:38 PM PST by Salo (He hath touched me with his noodly appendage. Ramen.)

To: Salo

Yeah that happens sometimes when folks change the headlines ......stay safe !


5 posted on 12/28/2005 5:56:48 PM PST by Squantos (Be polite. Be professional. But, have a plan to kill everyone you meet. ©)

To: Squantos; Ernest_at_the_Beach

Damn you, Ernest! :-) /shakes fist


6 posted on 12/28/2005 6:01:16 PM PST by Salo (He hath touched me with his noodly appendage. Ramen.)

To: Salo
Windows users can protect themselves from this exploit by entering the following command:

Start - Run - regsvr32 /u shimgvw.dll

This will disable the vulnerable component, Windows Fax and Picture Viewer. Alternatively, you can use Folder Options - File Types to change the association for .WMF files to something other than that program.

7 posted on 12/28/2005 6:04:20 PM PST by Company Man

To: Company Man

or switch to Apple or Linux and open Office


8 posted on 12/28/2005 6:18:08 PM PST by Blueflag (Res ipsa loquitor)

To: Salo; Squantos

I didn't use the Washington Post as the source Document since they require extraction and weren't as close to the original as my source.....I thought that was Fair....Hehehe


9 posted on 12/28/2005 6:21:22 PM PST by Ernest_at_the_Beach (History is soon Forgotten,)

To: Blueflag
or switch to Apple or Linux and open Office

Here we go again...

All operating systems are vulnerable...even proprietary private ones...and EVEN your holy grails Apple and Linux...

90% of the common computing planet run on Win OS systems...and the world is not ending tomorrow...

10 posted on 12/28/2005 6:23:12 PM PST by antaresequity ((PUSH 1 FOR ENGLISH, PUSH 2 TO BE DEPORTED))

To: Ernest_at_the_Beach

Very good !........:o)

Freethinking freeper !!


11 posted on 12/28/2005 6:25:46 PM PST by Squantos (Be polite. Be professional. But, have a plan to kill everyone you meet. ©)

To: Salo
"New exploit blows by fully patched Windows XP systems"


12 posted on 12/28/2005 6:50:36 PM PST by george76 (Ward Churchill : Fake Indian, Fake Scholarship, and Fake Art)

To: antaresequity
All operating systems are vulnerable...even proprietary private ones...and EVEN your holy grails Apple and Linux...

No they are not!

Windows has specific architectural flaws (from a security standpoint) that neither Linux nor Apple's OS have (or for that matter, any Unix-like OS). For instance, the graphics drivers run in-kernel, so a bug in the graphics driver can bring down the whole system.

13 posted on 12/28/2005 6:54:39 PM PST by ikka

To: ikka
Well you have pointed out a flaw in Win...a vulnerability...but Linux has flaws in its kernels too...

snip.....

Two of the vulnerabilities lie in the way the Linux kernel--the core of the open-source operating system--manages memory. They affect all current versions of Linux, according to advisories released on Wednesday by iSEC Security Research, a Polish security company. The third flaw affects the module for the kernel that supports ATI Technologies' Rage 128-bit video card.

----end snip

I find it so amusing how a flaw in Windows always translates into another OS being superior because it doesn't share the flaw...That's like saying a Ford is better than a Chevy because Chevy fuel tanks explode....the logical disconnect typically doesn't even warrant a response....

14 posted on 12/28/2005 6:59:25 PM PST by antaresequity ((PUSH 1 FOR ENGLISH, PUSH 2 TO BE DEPORTED))

To: antaresequity
and EVEN your holy grails Apple...

That's nice... enjoy your XP trojans, viruses, adware, and spyware... all several tens of thousands of them.

15 posted on 12/28/2005 7:01:05 PM PST by Swordmaker (Beware of Geeks bearing GIFs.)

To: Salo

"Any application that automatically displays a WMF image will cause the user’s machines to get infected."

"This includes older versions of Firefox, current versions of Opera, Outlook and all current versions of Internet Explorer on all versions of Windows."

http://sunbeltblog.blogspot.com/2005/12/new-exploit-blows-by-fully-patched.html


16 posted on 12/28/2005 7:03:09 PM PST by george76 (Ward Churchill : Fake Indian, Fake Scholarship, and Fake Art)

To: Swordmaker
I run Norton and SpySweeper behind a firewall, behind a router...I have zero problems and have never had a problem caused by a virus or spyware...ever...

I enjoy a million more choices in software and data services and make a living sitting at this computer every day trading the markets...

There isn't any decent retail technical analysis software available for any other OS but this one...I also program my own trading apps using C# NET in the most powerful retail integrated development environment known to man..MS Visual Studio NET...a masterpiece of program engineering...

Chicken Little Linux and Apple cult members will never convince me a better solution for my needs exists...

Despite the fact that right now...there are hundreds of thousands of malicious programmers trying to bring down the mighty MSFT....it ain't going to happen...and it's a testament to the OS that it has withstood this withering barrage of attacks and malcontents...
17 posted on 12/28/2005 7:12:30 PM PST by antaresequity ((PUSH 1 FOR ENGLISH, PUSH 2 TO BE DEPORTED))

To: antaresequity
All operating systems are vulnerable

All operating systems are not *equally* vulnerable. I could store valuables in my unlocked car, or I could put them in a safe in my home. Neither method can guarantee their security, but one has a much better chance than the other.

18 posted on 12/28/2005 7:16:19 PM PST by ThinkDifferent (I am a leaf on the wind)

To: Salo

See tagline for zig.


19 posted on 12/28/2005 7:30:15 PM PST by detsaoT (run bsd)

To: Salo

"You might want to block these sites at your firewall while waiting for a Microsoft patch:"

Crackz [dot] ws
unionseek [dot] com
www.tfcco [dot] com
Iframeurl [dot] biz
beehappyy [dot] biz


And funnily enough, according to WHOIS, domain beehappyy.biz is owned by a previous president of the Soviet Union:

Registrant Name: Mikhail Sergeevich Gorbachev
Registrant Address1: Krasnaya ploshad, 1
Registrant City: Moscow
Registrant Postal Code: 176098
Registrant Country: Russian Federation
Registrant Country Code: RU

"Krasnaya ploshad" is the Red Square in Moscow...

"Do note that it's really easy to get burned by this exploit if you're analysing it under Windows. All you need to do is to access an infected web site with IE or view a folder with infected files with the Windows Explorer."

"As a precaution, we recommend administrators to block access to unionseek[DOT]com and to filter all WMF files at HTTP proxy and SMTP level."

"F-Secure Anti-Virus detects the offending WMF file as W32/PFV-Exploit with the 2005-12-28_01 updates."

"We expect Microsoft to issue a patch on this as soon as they can."

http://www.f-secure.com/weblog/archives/archive-122005.html#00000752


20 posted on 12/28/2005 7:32:07 PM PST by george76 (Ward Churchill : Fake Indian, Fake Scholarship, and Fake Art)
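
The advice quoted in post 20 to filter WMF files at SMTP level, sketched as an added example that is not part of the thread or of any vendor's product: it inspects each MIME part's decoded bytes for a WMF header instead of trusting the file name or declared type. The function names and the sample message are constructed for illustration.

```python
import struct
from email import message_from_bytes
from email.message import EmailMessage

# Placeable-metafile key 0x9AC6CDD7 as it appears on disk (little-endian)
PLACEABLE_MAGIC = b"\xd7\xcd\xc6\x9a"

def looks_like_wmf(data: bytes) -> bool:
    """True if data starts with a placeable or standard WMF header."""
    if data.startswith(PLACEABLE_MAGIC):
        return True
    if len(data) < 6:
        return False
    # Standard header: Type (1=memory, 2=disk), HeaderSize in 16-bit words (9), Version
    ftype, header_words, version = struct.unpack_from("<HHH", data)
    return ftype in (1, 2) and header_words == 9 and version in (0x0100, 0x0300)

def wmf_parts(raw_message: bytes) -> list:
    """Return (filename, declared content type) for every MIME part that is a WMF."""
    hits = []
    for part in message_from_bytes(raw_message).walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        if looks_like_wmf(payload):
            hits.append((part.get_filename(), part.get_content_type()))
    return hits

def build_sample() -> bytes:
    """Constructed message: a harmless header-only WMF named .jpg plus a plain file."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    # 18-byte standard WMF header with no drawing records (sample data, not a real file)
    header_only = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 0, 0)
    msg.add_attachment(header_only, maintype="image", subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(b"plain text", maintype="application",
                       subtype="octet-stream", filename="notes.bin")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, ctype in wmf_parts(build_sample()):
        print(f"quarantine: {name} (declared {ctype})")
```

The same `looks_like_wmf` check can be applied to HTTP response bodies at a proxy; the six-byte standard-header test is a heuristic, so a match is a reason to quarantine for review, not proof of a malicious file.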

