Free Republic

WMF (Windows meta file) exploit
The SANS Institute | January 2, 2005 | Various

Posted on 01/02/2006 5:07:56 AM PST by KeyWest

Looking forward to the week ahead, I find myself in the very peculiar position of having to say something that I don't believe has ever been said here in the Handler's diary before: "Please, trust us."

I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.

(Excerpt) Read more at isc.sans.org ...


TOPICS: Miscellaneous; News/Current Events; Technical
KEYWORDS: backdoor; exploit; getamac; internetexploiter; lookoutexpress; lowqualitycrap; microsoft; securityflaw; trojan; trojans; virus; virusbait; windows; wmf
This is from just one of the articles at the link. If you go to some of the anti-virus sites they say they have the problem in hand but SANS disagrees. The info is fairly straightforward.

In essence, if you are using MSIE you are particularly vulnerable. Firefox and Moz give an intermediate step that can protect you if you know about the exploit, but most people do not and will open the "picture".

I have been around since 1998, and post infrequently, but this is a potential major problem. There has been one other post on the problem, but few saw it.

1 posted on 01/02/2006 5:07:56 AM PST by KeyWest

To: Admin Moderator
Moderator- OK, did something wrong to get the 404, but the links do work. Help!
2 posted on 01/02/2006 5:11:34 AM PST by KeyWest (Help stamp out taglines!)

To: KeyWest

Foxnews.com had a story about this yesterday, I sent the link to my friends and family.

http://www.foxnews.com/story/0,2933,180244,00.html

You're right, this one is gonna be a major problem until they get a patch issued.

Don't you love MS development strategy? "Get it to market first, then finish programming."


3 posted on 01/02/2006 5:12:17 AM PST by wvobiwan (It's OUR Net! If you don't like it keep your stanky routers off it!)

To: Admin Moderator

OK. I see it was the link to FR that showed up as a 404 and now works.


4 posted on 01/02/2006 5:13:07 AM PST by KeyWest (Help stamp out taglines!)

To: Admin Moderator

Please change the date - it was not a year ago...

As I said, I post infrequently... :)


5 posted on 01/02/2006 5:16:10 AM PST by KeyWest (Help stamp out taglines!)

To: KeyWest
I have been around since 1998, and post infrequently, but this is a potential major problem.

Shoot, fella- I know you-- haven't "talked" to you for a while, but you go back farther on this site than I do... you're an Oldtimer.

I have some links handy ( rummaging around old files hastily )...

John's Note:
 
I tried this-- seems OK on Win 2K:
 
Here's an update to the unofficial fix posted above. The folks at sans.org have taken the patch apart and modified it to work on WIN2K systems. It's running on my system with no apparent ill effects. I'll be patching the other computers in the house shortly.
 
----------------------------------------------------------------------------------------
 
New exploit released for the WMF vulnerability - YELLOW (NEW)
 
Sites exploit Windows image flaw (New attacks for pc users)
 
Windows Security Flaw Is 'Severe'
 
 

For video players that can handle other formats, give your friends these links -

www.videolan.org

www.divx.com

Subnote: V-lan works fine on my home machines- others I know swear it "hosed my codecs"- so be advised I provide that and other links on a "use with caution" basis.

6 posted on 01/02/2006 5:27:31 AM PST by backhoe (-30-)

To: backhoe; KeyWest

Thanks for the heads up. Once again this proves the worth of Free Republic and its posters.

I wouldn't know sans.org from Adam's housecat.


7 posted on 01/02/2006 5:36:40 AM PST by A.Hun (Democrats suck worse than ice storms.)

To: backhoe; KeyWest

Amazing. This post has been up for almost an hour, and we haven't had anyone post "Free Republic isn't a computer forum, blah, blah, blah..."


8 posted on 01/02/2006 5:53:10 AM PST by Born Conservative (Chronic Positivity: http://www.livejournal.com/users/jsher/)

To: A.Hun
I wouldn't know sans.org from Adam's housecat.

My late Mom's favorite variant of that was "wouldn't know him from a load of coal." ( She grew up in coal country )

9 posted on 01/02/2006 5:53:46 AM PST by backhoe (-30-)

To: ShadowAce

Ping


10 posted on 01/02/2006 5:54:00 AM PST by Born Conservative (Chronic Positivity: http://www.livejournal.com/users/jsher/)

To: Born Conservative
Amazing. This post has been up for almost an hour, and we haven't had anyone post "Free Republic isn't a computer forum, blah, blah, blah..."

Not surprisingly ( since we have so many people from different backgrounds ) some of the best and fastest computer advice I have gotten has been right here.

There are some very good computer forums- Geeks to Go, VirtualDr, and others- but we're pretty durn good, too.

11 posted on 01/02/2006 5:56:51 AM PST by backhoe (-30-)

To: backhoe; KeyWest

Well, thank you both for the background. Not being in IT, it is hard to know who or what to trust. I downloaded the patch with (seemingly) no ill effects.

What is it with mother's sayings? That one is straight from mine's lips! LOL


12 posted on 01/02/2006 6:02:26 AM PST by A.Hun (Democrats suck worse than ice storms.)

To: Born Conservative
This post has been up for almost an hour, and we haven't had anyone post "Free Republic isn't a computer forum

They know they'd get their asses handed to them. ;-)

13 posted on 01/02/2006 6:10:13 AM PST by an amused spectator (Bush Runner! The Donkey is after you! Bush Runner! When he catches you, you're through!)

To: A.Hun
Not being in IT, it is hard to know who or what to trust. I downloaded the patch with (seemingly) no ill effects.

I'm going to think about it for a while before I do anything with it.

The unofficial patch seems to revolve around the desire to show images whilst Netting. I've de-registered, and I'm only allowing images from the originating site (FireFox). I'm thinking about disallowing images totally, until the official patch comes out, but who knows how long Redmond is going to take.

14 posted on 01/02/2006 6:14:32 AM PST by an amused spectator (Bush Runner! The Donkey is after you! Bush Runner! When he catches you, you're through!)

To: KeyWest

Looks like some EXCELLENT info, KW.


15 posted on 01/02/2006 6:15:24 AM PST by an amused spectator (Bush Runner! The Donkey is after you! Bush Runner! When he catches you, you're through!)

To: wvobiwan
Don't you love MS development strategy? "Get it to market first, then finish programming."

I've been in the software development business for over 20 years. Trust me, MS is not the only company that this applies to.

But you are never really "finished programming". And at some point, you have to release or you will never get a product out the door.

If everything released was "finished", wouldn't everything be at version 1.0 - heck, version numbers wouldn't even be necessary.

Is Linux "finished"? Oracle? etc. etc.

I'm not trying to absolve MS, but I don't hold them up to any higher standard than I would any other company because I've been on the other side of things, and there is NO major piece of software out there that is perfectly written.

But you'd think so if you read the various anti-MS blogs - you find all of the perfect programmers there who never have written code with a bug in their lives. :-)

16 posted on 01/02/2006 6:21:55 AM PST by Mannaggia l'America

To: KeyWest

bump


17 posted on 01/02/2006 6:23:36 AM PST by satchmodog9 (Most people stand on the tracks and never even hear the train coming)

To: KeyWest

Thanks Bump


18 posted on 01/02/2006 6:32:28 AM PST by irishfest

To: KeyWest

Thank you. Fix seems to be running okay.


19 posted on 01/02/2006 6:56:36 AM PST by Woodstock

To: KeyWest
From the linked article: "...Publishing exploit code such as this for an unpatched vulnerability on a holiday weekend is, without any doubt, a totally irresponsible act..."

This struck me as kind of a stupid thing to say. As if the people who distribute these damned things give a crap about whether it is going to deleteriously impact their victims!

That aside, I appreciate the work that was done by these people on a holiday weekend to fight it. I just thought that comment was naive and silly.
20 posted on 01/02/2006 7:22:43 AM PST by rlmorel ("Innocence seldom utters outraged shrieks. Guilt does." Whittaker Chambers)

