Free Republic

This is from just one of the articles at the link. If you go to some of the anti-virus sites they say they have the problem in hand but SANS disagrees. The info is fairly straightforward.

In essence, if you are using MSIE you are particularly vulnerable. Firefox and Moz give an intermediate step that can protect you if you know about the exploit, but most people do not and will open the "picture".

I have been around since 1998, and post infrequently, but this is a potential major problem. There has been one other post on the problem, but few saw it.

1 posted on 01/02/2006 5:07:56 AM PST by KeyWest


To: Admin Moderator
Moderator- OK, did something wrong to get the 404, but the links do work. Help!
2 posted on 01/02/2006 5:11:34 AM PST by KeyWest (Help stamp out taglines!)

To: KeyWest

Foxnews.com had a story about this yesterday, I sent the link to my friends and family.

http://www.foxnews.com/story/0,2933,180244,00.html

You're right, this one is gonna be a major problem until they get a patch issued.

Don't you love MS development strategy? "Get it to market first, then finish programming."


3 posted on 01/02/2006 5:12:17 AM PST by wvobiwan (It's OUR Net! If you don't like it keep your stanky routers off it!)

To: KeyWest
I have been around since 1998, and post infrequently, but this is a potential major problem.

Shoot, fella- I know you-- haven't "talked" to you for a while, but you go back farther on this site than I do... you're an Oldtimer.

I have some links handy ( rummaging around old files hastily )...

John's Note:
 
I tried this-- seems OK on Win 2K:
 
Here's an update to the unofficial fix posted above. The folks at sans.org have taken the patch apart and modified it to work on WIN2K systems. It's running on my system with no apparent ill effects. I'll be patching the other computers in the house shortly.
 
----------------------------------------------------------------------------------------
 
New exploit released for the WMF vulnerability - YELLOW (NEW)
 
Sites exploit Windows image flaw (New attacks for pc users)
 
Windows Security Flaw Is 'Severe'
 
 

For video players that can handle other formats, give your friends these links -

www.videolan.org

www.divx.com

Subnote: V-lan works fine on my home machines- others I know swear it "hosed my codecs"- so be advised I provide that and other links on a "use with caution" basis.

6 posted on 01/02/2006 5:27:31 AM PST by backhoe (-30-)

To: ShadowAce

Ping


10 posted on 01/02/2006 5:54:00 AM PST by Born Conservative (Chronic Positivity: http://www.livejournal.com/users/jsher/)

To: KeyWest

Looks like some EXCELLENT info, KW.


15 posted on 01/02/2006 6:15:24 AM PST by an amused spectator (Bush Runner! The Donkey is after you! Bush Runner! When he catches you, you're through!)

To: KeyWest

bump


17 posted on 01/02/2006 6:23:36 AM PST by satchmodog9 (Most people stand on the tracks and never even hear the train coming)

To: KeyWest

Thanks Bump


18 posted on 01/02/2006 6:32:28 AM PST by irishfest

To: KeyWest

Thank you. Fix seems to be running okay.


19 posted on 01/02/2006 6:56:36 AM PST by Woodstock

To: KeyWest
From the linked article: "...Publishing exploit code such as this for an unpatched vulnerability on a holiday weekend is, without any doubt, a totally irresponsible act..."

This struck me as kind of a stupid thing to say. As if the people who distribute these damned things give a crap about whether it is going to deleteriously impact their victims!

That aside, I appreciate the work that was done by these people on a holiday weekend to fight it. I just thought that comment was naive and silly.
20 posted on 01/02/2006 7:22:43 AM PST by rlmorel ("Innocence seldom utters outraged shrieks. Guilt does." Whittaker Chambers)

Bump


29 posted on 01/02/2006 11:35:58 AM PST by csvset

To: KeyWest
In essence, if you are using MSIE you are particularly vulnerable.

(C) 1998. All Rights Reserved.

36 posted on 01/02/2006 8:33:41 PM PST by ReignOfError

To: KeyWest

I don't seem to see anything telling what the symptoms are.


38 posted on 01/02/2006 8:38:07 PM PST by BlessedBeGod (Benedict XVI = Terminator IV)

To: KeyWest
I am so amazed that it works as well as it does, that I don't have any complaint if it messes up a little. We are in the beginning of understanding a technology that will ultimately prove itself smarter than all of us.
39 posted on 01/02/2006 8:40:17 PM PST by Bonafide (Everything is Simple When You Understand It!)

To: KeyWest

As mentioned before, this is an exploit and not a virus. It is a backdoor way into your computer. WMF (windows meta files) are pictures that can execute programs. This is similar to the problem of Windows Word DOC files that can execute macros or Outlook email messages that can execute scripts.

A malicious person can do all sorts of nasty things to your PC like formatting your C drive or simply using it to distribute child pornography via "zombie" bots. Most of those denial of service attacks on Google and Amazon come from compromised PCs. An enterprising individual can compromise and gain control of thousands of PCs. Imagine what you could do with a thousand PCs under your remote control.

You can access a WMF file via your browser or via an email message. There was a report of a contamination on a "trusted" website, so there is a significant risk.

Steve Gibson's website www.grc.com has a lot on exploits including this one.


47 posted on 01/03/2006 7:45:23 PM PST by IpaqMan



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson