ALERT UPDATE - WMF flaw can't wait for Microsoft fix, researchers say

Because this a very serious threat to the well-being of your Windows OS computer (no other OS is vunerable), I'm updating from my original post of two days ago. This post supercedes that one.

Hat tip to Radio_Lady for posting information from this new article in the old thread:
WMF flaw can't wait for Microsoft fix, researchers say
By Peter Sayer, Paris | Wednesday, 4 January, 2006



I encourage you to read the entire article.

Next, READ & BOOKMARK (check daily as well) the continuing updated information from:
Steve Gibson/Gibson Research Corporation (GRC)

You can access the downloadable hotfix patch and checker from links provided on Steve's website. Please read the top notice he provides AND the Breaking News at a minimum.

Please RECOMMEND so that the greatest number of DU'ers can have access to this information.

Microsoft is not expected to release their "official patch" until January 10th at the earliest, HOWEVER, it may be longer than that.

Please don't leave your Windows computer vunerable when you don't have to.

Lastly, please tell your family and friends to take this simple precaution. The download is a simple 284kb file and can be removed easily (when the time comes), using your Windows Add/Remove Program.

I'm amazed that anyone still uses that crap.

I'm afraid, and there are many reasons for it.

In the meantime, since the OS is in widespread use, we still need to be on our toes, even if MS isn't.

I'm just thankful that there are experts out there that DO CARE.

it would take forever for people to move from the Windows OSystem to others OS's less vunerable to exploits.  :)

However, even waiting another 6 days (at a minimum) is still *forever* in terms of getting MS to hustle.

I would have realized that, had I taken the time to actually read through this thread (and your post) in context, instead of skimming through it!

Yes, 6 days (minimum) can seem like forever in terms of getting MS to hustle. Meanwhile experts in the field provide solutions. *sigh*

Until that happens Linux will be a nerd's toy, and Macs will be used by professionals that have money to burn on a closed system.

http://sourceforge.net


http://www.apple.com/macmini

no more excuses ;->

peace

sourceforge is ok, but please. It doesn't have the quality of software that is retail. Some things are better, but freeware games suck, and most freeware apps do to.

And the minimac... My friggin videocard is more powerful. No thanks...

i know i work with them daily and many blow away anything on windows especially enterprise class apps i.e. Apache which powers most of the websites you visit like DU.

Check out this link for some powerful FREE client apps as well...
http://www.opensourcemac.org

the mac mini is a great starter computer if you wanna play games get a play station.

peace

games on, is not going to convert me to Linux or Mac.

It's just going to make me roll my eyes, and utter profanities under my breath, about elitist mac/linux users.

My PC does everything I want it to. It plays games a playstation coudln't even attempt to run. I build maps for Unreal Engine games. Can't run UnrealEd 3.0 on Linux, Mac, or a playstation.

Thats really cool Apache is open source, but for just having a PC to use, that isn't something I need AT ALL. I don't host any webpages.

I have plenty of open source software. I use what works better. I use Firefox for my browser because it does more. I use Windows for my OS because it does more. Period. I've tried Linux and unless you are a total nerd, it's not something to use. Having to recompile a kernel to do something like change a video card is not something a sane person wants to mess with.

Please. Just stop trying to tell me what I should use, or what I should play games on. I'll be the fucking judge of that.

use whatever you want, just keep your facts straight ;->

http://XvsXP.com

psst... pass the word :hi:

peace

However most people don't have the luxury of buying an entirely new system. Why buy a mac mini as a starter computer when you already have one? Not to mention that many people already have $$$ invested in software for Windows and some of it doesn't have a freeware/Mac equivalent.


And as somebody pointed out on a Unix board, Linux is like a free puppy. ;)

I'm planning to put Linux back on my computer and dual boot ,but I don't think the unnerdy population wants to deal with things like software dependencies.

BTW even on my Linux box I will have things like a rootkit checker installed. Even though Mac and Linux are better coded for security than Windows, there is no operating system immune to malware.

because you won't have to spend all your time scrambling to keep your work safe.

not to mention that OS X client & server got voted best OS for 2006 at infoworld
http://www.infoworld.com/article/06/01/02/01FEtoyos_1.html?s=feature

more info...
http://XvsXP.com

peace

is to live in a convent.

I switched to Mac after years of Windows usage because I was sick of all the maintenance problems and required upgrades--not because I'm a pro who needs Mac OS, or a snob who's willing to spend extra $$ to somehow feel "superior" to Windows users. (And no, I am not employed with Apple or any of their affiliates, so this is not an advertisement.)

My personal time is worth a lot to me, so much so that I will spend some extra money up front so that I don't have to spend tens of hours every year recovering from crashes, updating DLLs, trying to restore lost files, etc. And I don't want to have to buy a bunch of auxiliary applications to keep my system running smoothly. In the 21st century, why should millions of people have to use a computer that doesn't function as promised, and become a self-service tech support geek in the process?

For years I kept using Windows systems even though they continued to bite me in the ass over and over, because I thought I couldn't afford to replace all the applications I'd bought, and the initial purchase price of a Mac was higher. I even installed Linux on a partition so I could recover files when Windows crashed (saved my bacon a couple of times). But Linux, although it had the potential to give me complete control over my machine, had a steep learning curve and was only partially plug-and-play (at least the version I was using, Red Hat 9).

Three things led me to switch to Apple/Mac:
1) I saw what a great product that iPod was and thought, "If they can do this, I bet their computers are pretty good, too."
2) I looked at a couple of issues of MacWorld magazine. Unlike the PC mags, there were very few articles about disaster recovery, virus removal, modifying the registry, installing bug fixes, updating device drivers, etc. "What a refreshing concept," I thought. "A computer magazine that's just about how you can use the computer to do cool stuff!"
3) I learned that Mac OS X is built on a Unix backbone. From my experiences with Linux (which, as I guess most readers know, is an open-source variant of Unix), I knew what stable operating systems the *nix environments provide.

Also, when I discovered how much great software is included with a Mac, the cost comparison looked a whole lot better.

FYI, If you want more info on why Windows systems are really more vulnerable to viruses, check out this article\.

Your post reads like something from Apple's advertising and marketing division...

Well, when a product is good I figure it doesn't hurt to say so. Are you taking this personally? That's sure as hell not my intent. Because I find most Mac zealots as irritating as you probably do (and Windows and Linux zealots are just as bad). I mean, it's just a damn machine. A tool. If it works for you, fine. If it doesn't, use a different one.

I know a lot of gamers that won't come over to the light side of the force simply because gaming companies give Linux the short shrift. (For that matter, even when they support other OSes, they also give non-i386 architectures the short shrift, despite the fact that i386 has by far the most inferior SIMD units on the market, and has been completely definicient in SIMD for a decade now.)

Gamers tend to be slightly more technically literate, and much of the free technical support that people get for MS comes from people they know who have their elbows greasy from working on technical issues with games, and building their own gaming dream box. As long as those people stay in MS-land, MS will continue to reap the benefit of a voluntary support group rivaling OpenSource's.

And no, OpenSource games won't do it. If it's going to change it has to come from the professional gaming companies.

Fortunately for me, Tribes2 and UT are about all I need to stay amused and both run on Linux. Occasionally I'll opt for StarCraft, but that does fine under WINE. The rest of my gaming is all console based -- which by the way may be the industry that spells the death of i386 in the longterm, what with the non-xbox console folks outrunning i386 this year by miles in terms of performance.

The gaming community could move to PS2, XBox 360, or a Linux/Mac computer tomorrow and Microsoft wouldn't care one bit. They make the lion's share of their money from business sales, and home users are simply a little extra cream in Bill Gates' saucer. It's not a coincidence that XP Home is an utter piece of shit OS, or that Microsoft broke into the gaming market with the XBox. The gaming community, while a significant chunk of the home consumer market, is dwarfed by the sheer mass of the business market. Interestingly, Microsoft's monopoly on the business market is far less than it is in the home/small office market.

Gaming companies do what all other companies do - they release a product and hope to make a profit on it. If 90% of the PC gaming market is running Windows, the gaming companies will release games for Windows. Releasing games for all the different OS's, many of which have insignificant market share, is not a smart business move for most companies, especially because many games have to be stripped down and rewritten for each different OS. Many games available on Linux are "hacked" versions that are recompiled by 3rd parties, and amount to little more than warez bullshit.

I've had Windows 2000 running in my office since 2001, and I've never had a crash, a blue screen of death, or any hardware issues. In fact, my machines only get powered down about every six months, and even that's usually due to outside forces like power outages or electrical storms. To say that the Windows OS is any worse than any other OS is simply specious. I spend far less time managing my Windows OS than I did when I ran a Linux system. Less headaches, less stress, and more time for productivity. It was a no-brainer.

We were talking specifically about the home user base, not about Gate's bottom line -- I doubt many business IT departments come to Democratic Underground for their tech advice. So your comment is beside the damn point. And, my experience with Windows and Linux in both environments has been quite the opposite of yours -- even having the tools and knowlege to keep the Windows boxen I have run in the past from becoming infected, there were still stability problems and in addition, bugs in the operating system cost me over a workweek worth of Visio documents -- work which I had explicitly saved to disk but did not get saved as advertised. As I used applications not maintained by the desktop group, I had to do so myself, and I know first hand what a beast it is to maintain.

I've been using Linux since 0.92 and Windows since 3.1 (not so much these days, though.) Linux is in all ways superior when it comes to stability and maintainability. Only software companies hold it back by keeping the frill that users crave in Windows-only apps.

Then people would attempt to exploit Linux Backdoors.

Don't be naive.

But i suppose you knew that already.

I have clients who use MS. The files they give me are MS files which cannot be opened, manipulated or whatever by non-MS applications. So, I run two machines -- a personal and a business. My personal machine is Linux and the one I use for business is MS. When I upgraded computers this last time, I looked at moving to Mac. (After all, I'm an old newspaper person and, therefore, a Mac lover. LOL!) It came down to the bottom line. I could buy a Mac with all the bells and whistles I needed, but I couldn't afford to replace all my MS-based software.

I run the OS that runs my software. I don't run an OS because I think it's superior, as I'm well aware that all OS's have security problems. They just aren't exploited as much because they aren't as popular as Windows.

that's the only reason I can think of to stick to Windows. There are very few business apps that aren't also available for Mac, or that someone doesn't make a better equivalent

I use 3D Studio Max, Cakewalk Sonar and Sony Vegas exclusively. I chose them because they're the cream of the crop, and they happen to only run on Windows.

If they ran on Linux I'd switch in a heartbeat. I'll never own a Mac because I can't stand closed hardware. I prefer to build my own boxes to achieve the maximum cost/performance ratio.

A Linux/Unix core with a windows look/feel/ease of use. One that you don't have to be a super geek (or feel like one) to navigate the OS.

I covet my mac.

Yet, when I check the properties, they show a different address. I dunno'

Try it again.

I'm waiting for the official MS fix. Who knows what some 3rd party fix is really doing. Hell, for all I know that patch could 'make' me vulnerable...

Smart PC usage will keep you safe from this. Don't open files from websites you don't trust, and don't open email attachments from ppl you don't know.

The sky is not falling.

And to the person saying he doesn't know why ppl don't dump this crap: When Linux or Mac supports the large number of games and apps that windows does, I'll consider it. But right now I'm sticking with windows. Linux is only good for harcore computer nerds, and Mac is only good for musicians and email readers.

A WMF file could be hidden in any link.A place like ummmm DU for instance that allows users to post links to pics; just viewing a thread could infect you. This exploit allows anything to be loaded on a PC.

In Netscape, I can edit preferences under privacy and security to adjust what images will load in the browser as well as e-mail. It's a temporary fix and doesn't require that I install any software or specious patches.

For the next 6 days, I get to decide exactly what images will be loaded/opened on my computer. Then I get the offical patch.

in Windows Explorer (on the off-chance you look around in there) to not show the thumbnail images as well. File and File folder names are sufficient.

I won't go into the numerous reasons you should trust me, or anyone else for that matter. If you want to put your faith and trust only in Microsoft, that's absolutely your right to do so.

I, for one, am not willing to take the chance.

will decide to really go after Linux and Mac just for their users' "superiority." If I were the kind of person to do such a thing, that's just what I'd do.

But Windows because of some aspects of it's design is far easier to exploit than
Linux or OSX.

I'm really surprised it hasn't been done - or has it? ;-)

simply "not opening files from websites you don't trust" and "email attachments" will not protect you with this bug. Simply viewing a webpage can do it for this one. It is a very atypical threat. I would download and install the 3rd party and have. You can uninstall it when the official one comes out.

For example, say someone here posts an image that contains a virus, YOU ARE INFECTED AS SOON AS YOU OPEN THEIR THREAD.

I'm usually very careful, but I ended up viewing a webpage that self-installed this crap when I closed out of the page. I've tried everything to get rid of it, but it seems to re-install itself everytime I re-boot.

This garbage is contained in a folder called on my hard drive called "eosc." The file is called "ruth.exe." Everything I've used that indicates it will be deleted permanently has failed. This thing shows up everytime I re-boot my computer. I've downloaded the recommended unofficial patch, but haven't seen a difference.

It will not stop the virus once it is already on your machine. :(

Turn off System Restore by right clicking on My Cmoputer and going to properties. I battled the same issues until I realized it was Windows and not the virus that was redoing the files.

Leave it to MS to add something that restores viruses after they've been deleted.
Glad it worked!

This is assuming someone can exploit this hole.

I know that SANS is the authority on a lot of this stuff. I would personally trust them over Microsoft any day.

hasn't done all the research. The source of the patch has been posted and viewed by many in the industry.

specialists. F-Secure, a reputable AV company, has put the fix on its own computers and recommends others do so as well. SANS, a reputable IT security outfit also recommends the patch.

Basically the unofficial patch from a noted programmer has had more public scrutiny, in terms of outside people taking it apart to see what it is and does, than the proprietary MS patches you download. (And I recall MS patches that have borked PC's but few people think twice about checking to see if there are reports of any problems before downloading a MS patch.)

And since it's been documented by SANS that a trusted website had an exploit put on it that did deliver the malware by simply browsing the site, safe practices alone are not a guarantee of safety. Just for an example.

It's not a matter of "panic" but providing information. People then they can make informed choices as to what steps to take, if any. Do as you like but you apparently are not fully informed about the exploit or possible means of infection.

Gibson is 100% trustworthy
and one of the best out there.

Patch Your Systems People!

http://www.grc.com/sn/notes-020.htm

Thanks Terre !

and to those that recommended. At least I can rest a little easier that people like me, who start off DU from the Greatest Page, will get the chance to see this.

Yup, I'm serious. Can we use the eminent domain provisions in the Constitution to force the source code into public hands?

It is time for Micro$oft to go bye-bye. As a corporation, they ought not have a "right" to "their" property; the public ought to be able to simply take it.

And: it's not stealing if we legislate it so. We, The People, can write and pass any damn law we please, and, as a corporation, Micro$oft should get no say in the matter.

but I do know that we need to concentrate our efforts in getting *Co out of office ASAP!

...That's a healthy girl!

According to SYMANTEC makers of Norton anti-virus:



Just use due caution keep your head for five more days...
BTW to all the max/ Linux snobs jumping up and down for joy, if anyone actually USED your os's you'd have to contend with these issues from time to time as well there is nothing inherently more secure about EITHER platform.

http://securityresponse.symantec.com/avcenter/security/Content/16074.html

Your wrong. For instance, do you check every link in a thread before viewing it?
simply viewing an image can infect your PC. You don't seem to understand this.

A place like DU that allows inline pics could easily be filled with this exploit.

I mean really. Is it just common knowledge how to exploit this bug?

How many people know how to exploit it?

I know a lot of net users. No one I know has fallen victim to this virus.

And everyone with a virus on there computer knows they have it.

This is not one specific virus, this can be used to load any type of file including rootkits.

1, 5, 10, a million? I don't think it's that widespread.

It's fine to be safe and get the patch if you want, but I'll be waiting for the offical fix.

By now im sure that everyone that writes spyware knows how to use this. In fact if your explore the various Anti Virus sites you will see that this is one of the fastest spreading exploits in history.

the exploit. It's not a secret to folks who are into this thing. Even not particularly talented script kiddies can use it. It doesn't take millions of script kiddies for an exploit to be widely propagated.

I may not be alone in this problem!



I have an
>unauthorized copy of win '98 so a patch is not a option. I am
>in no financial shape to install other OS and am too much of a
>weenie to try another. How can I minimize the threat? Thanks,
>Serry

about what you can do for older Windows OS's, and post it in a new thread, instead of getting "lost" in this one.

I'll let you know when the post is up and provide a link. It may take awhile, so I hope you'll be patient.

n/t

And yes, there are many folks now who do know how to exploit it.

The exploit is in effect a "dropper," it's esentially a means of entering and leaving malware on a PC. So there's not a specific "virus" that is in issue, with recognized symptoms. For example, if a keylogger is left on a PC, by nature it's a stealthy program and will not alert the user that something is amiss. AV's are trying to keep up with the variants of the exploit and some AV's are better than others at detection of the exploit and the various potential payloads dropped on PC's.

Freepers have at least a few semi-computer literate people.

Even savvy computer users can be hit by this. If you go to a site that has ads for example, the payload can still infect your computer that way even on a 'trusted' site. If you use IE, there is no warning something is executing.

From SANS:
It will execute just by viewing the image. In most cases, you don't have click anything. Even images stored on your system may cause the exploit to be triggered if it is indexed by some indexing software. Viewing a directory in Explorer with 'Icon size' images will cause the exploit to be triggered as well.

http://isc.sans.org/diary.php?storyid=994

One of the many online tests to see if you are vulnerable:

http://kyeu.info/WMF/

Since this is a new thread, the patch author is posting at Castlecops:

http://castlecops.com/f212-Hexblog.html

While the sky isn't falling, this is an extremely serious vulnerability and don't rely on your skills to extricate yourself from infection. The fact that every reputable source urges people to install the patch should tell you something.

This is by far the most serious PC threat ever. How many users could easily implement whats being suggested here, or even understand it.

What if you click on a DU thread and it contains malicious WMF file? This could easily happen.

NO user should take this lightly. It is very serious. Go to the GRC site discusssed in this thread and get the patch asap.

Explain to me HOW can a computer user would NOT VIEW an image file that is compromised if they've already landed on it as it begins it's download?

Like I've previously stated, you can take the chance if you want to, so I guess we'll have to agree to disagree.

edited: to make that 7 days (could even be 8 if you count the 28th)

install unfamiliar software from an unfamiliar author recommended to me by unfamiliar people. Symantec has kept my machine running smoothly for YEARS.

if you think that Symantec can ward off every single new exploit of a Windows vunerability BEFORE it hits your computer.

I wish you the best of luck - Really, I do.

Click Start, Run, and type in the box:

regsvr32 -u %windir%\system32\shimgvw.dll

and click OK. This will un-register the system file responsible for parsing WMF files. As a result, you will disable your PC's ability to open them. BUT probably 90%+ of users won't miss it, AND when the official patch comes out, it will re-register the file and make everything work again.

This patch has been shown to be insufficient days ago. Read the original post in this thread.

Hard to get the straight story.

part of the problem is that the dll won't reregister properly on Windows 2000 so tifs don't show up in thumbnails anymore

:kick:

husband is running '98 and there is not a hotfix for that. So he tried two different versions of the 'workaround', and the computer says it can't find such a file, or it 'failed'.

What to do for an old '98????!!!

There is no patch/fix and Microsoft isn't going to release one. It's probably time to upgrade.

because at the Microsoft website (under General Information/Overview) they DO include Windows98.

So I suggest questions should be posted over at the forum that I linked to in my post below (or above-lol), #43.

However, I will agree with you. If anyone is still running Windows98, it's time to seriously consider an upgrade.

They had much more strict QA than individuals. The Anti-Virus crowd has been able to deal with it so far.

Hexblog, if no one here knows the answer. I know I don't. This forum was set up because Ilfak's blog was closed due to over-usage. It has grown considerably since yesterday:

http://castlecops.com/f212-Hexblog.html

Followed a link there, and it seems that the workaround doesn't work on '98, but the NEWEST thinking is that '98 isn't effected by the problem anyway. Something about that they didn't have the same type of viewer that is in newer versions.

So there ya go. Mine has the fix, and it looks like the '98 is relatively in the clear.

Thanks all!

fix?

AV programs will not help much with this.

BUT can't live without one!

We know that NSA planted cookies unto all visitors to its site. WE know that the NSA has the best computing, programing and mathematical brains working for it. We know that Windows sucks. What if these flaws were created by the NSA to allow it easier access into our machines?

Is that asking too much of people?

It affects all image files. Read the technical info.

And then the OS in its wisdom recognizes it as a .wmf and runs it even if you just preview it.

If were as simple as simply filtering .wmf's there wouldn't be as much concern. Read up on the exploit if you want to know how it works and the various methods a vulnerable PC can be infected.

Safe Computing saves.

I've never been hit by any of the worms or viruses, with only one exception:

When I was a System Administrator at Andersen Consulting (a.k.a. The Borg) I got hit by a boot-sector infecter. I was scanning a suspected floppy with Norton AV in my office when the power to the whole building went out. As I was checking servers on another floor, the power came back on and my desktop machine booted from the floppy.

Thanks for the replies!

computer users don't wan't a degree in CS to be able to play their DVDs or games.

peace

So many evil-minded fuckheads.

BTW the fix for my virus infestation consisted of booting from a good DIS 6.22 floppy and running two commands to rebuild the boot records of my HD. It took about 2 minutes to complete the repair.

:evilgrin:

peace

and people would be banging down their door to get one.

It's not as easy as blocking wmf files. The list of extensions is long and scary.

text? The net is full of graphics from unfamiliar sources.

There was a strange thread here last night where a guy with a low post count (yeah I know that doesn't necessarily mean anything) was insisting that he found weird symbolism, stuff from New Year's pics and he'd enlarged them and encouraged folks to view him via links he posted. Rather odd. May have been nothing to it and he was just being a tad peculiar. But how many folks unthinkingly clicked on the links to see his pics?

So, buyer beware big time. I have to take my computer in to a repair shop tomorrow. I downloaded the patch from a website that you or the Washington Post recommended. Now my computer keeps turning off and on at will. I called SONY and they said there was nothing they could do because we weren't able to get it out of safe mode. Nothing. Now I have to go to system restore.

I am TOTALLY, COMPLETELY bummed out.

I'm on my husband's computer now.

Add or Remove Programs and delete the patch. Then reboot. See if that helps.

It keeps trying to go there then shuts down and starts up again. Believe me, I am screwed. The tech guy at SONY was flabbergasted. We tried everything.

I went to CastleCops. They say: Oh it must be something else. That's everyone's line. I downloaded the patch and then was instructed to reboot. It started to reboot but couldn't finish and kept looping so I started the safe mode thing and it kept looping in and out of that.

Castlecops doesn't know what to do either.

but I see you've already been there and posted your question.

Before you take your computer to Sony, check the forum over there again, right before you disconnect it to leave for a restore. Someone else may have added additional information.

As Paul mentioned, it sounds like an issue unrelated to the patch. Regardless, I'm sorry this has happened to you.

I can understand the patch not working, but to blow up my computer?

I'm just so sorry you have to go through this.

I was going to write something else, got caught up with my son's homework, and went back to the CastleCops forum on the off-chance you got any other replies, which you did.

I suggest also, that you print out this page in its entirety:
http://www.hexblog.com/security/wmffix_faq.html

PLUS the portion (including the graphic) of the following page that that also explains, but in a bit more detail, what Ilfak's hotfix does. Second post from the top:
http://www.f-secure.com/weblog/archives/archive-122005.html#00000754

PLUS your forum discussion over at CastleCops.

Take this information along with you when you see the Sony tech tomorrow.

That's it. That's what he said. Don't know who to believe.

Did you ask him? And more importantly, is it fixed now?

I really seriously doubt it was the hotfix you installed. IMO, the way your computer was reacting doesn't at all sound like anything the exploits would have created. Also, if the hotfix were infected with a virus, we'd all be experiencing more or less the same thing as you did.

It was probably a different virus, unrelated to the WMF thing, that coincidentally, infected your computer.

Anyway, as I said, I hope your computer is on the mend. BTW, as Garbo posted below, MS has released their official patch. Uninstall Ilfak's hotfix from your other computer, and install MS's official one. And it doesn't matter in which order you do it.

The computer guy retrieved my documents and now is restoring the hard drive to its original state. So I don't need to uninstall the hotfix, correct?

Consider a safer browser rather than a specious patch until the Microsoft "fix" comes out on the 10th.

For example, I have always used Netscape as my browser. In Netscape, and likely several other browsers, you can configure it to restrict or block the loading/opening of images from websites and e-mail.

You can get the latest version of Netscape free at www.netscape.com

If you're already using Netscape, click on edit(at the top of the window)/preferences/privacy and security/images. Then change how images load.

It's not likely a pretty fix, but if all this techie mumbo jumbo is giving you the willies, it's better than nothing.

He does lots of business online and didn't take the precautions. I've spend 3 days trying to rebuild his computer. Even wiping the drive and reinstalling Windows XP Pro won't work. Get this hotfix NOW.

and consider having your AV scan all files, since 1. likely your AV by default is not set to scan .wmf files and 2. a .wmf file can be disguised as another format such as .jpg, .bmp, etc. The extension of the file isn't the key flag to a .wmf, since another extension can be used.

And, do not run in the administrator account mode on your PC. Run in a limited user mode. This does not in itself prevent infection, but may limit some of the amount of damage done if malware does get past your AV or other defenses.

A fellow I know of intentionally infected a test PC to document the process and posted his results here: http://www.linklogger.com/wmf_attack.htm It may be of interest to some to see how the malware payload downloaded by the exploit proceeded to turn off Windows Security Center and the Win firewall. As some folks say, if you're in Admin user's mode and you're infected, game's over.

software?

Answer: More

Paolo Monti of NOD32, Italy created it. He's done many standalone cleaners, etc in the past and made them freely available to others via ESET/NOD 32 site.

I may no claims for this patch as I haven't yet tried it, although I do use NOD 32 as my AV. For anyone interested: http://www.nod32.ch/en/download/tools.php

ESET USA site here: http://www.nod32.com/home/home.htm (And no I'm not telling folks to change AV's or use the patch, just providing info on a patch by a reputable AV company as an FYI and FWIW.)

COMPUTER PERSON

I DON'T UNDERSTAND ANY OF THIS MUMBO JUMBO..

i really don't..i have a pc windows xp...do i need to do any of this that i have no understanding of...

ifeel like i am reading a foreign language here...hot zip patch this that ..
how do i know if i am vunerable to what???????

ok ok..i told you i was illiterate to what is being talked about here..but i am sure there are others here that don't get what you are talking about...

and if not than i am the only computer dummy!!

thanks ahead of time..fly

can be exploited by malware (often called a "virus" athough that's not really accurate) by various methods, some as simple as viewing an image on a web page. Microsoft will not issue a patch to fix the problem until January 10.

Some noted computer security people are seriously concerned about this problem and the relative ease with which unprotected PC's can be infected. It's not clear how widely this malware has spread on the net to determine how likely it may be that people just surfing even on relatively safe sites can be infected. But the potential is there. (One needn't go to "bad sites" to be infected if a trusted site has been compromised. Or if you follow a link someone has malicously posted on a messageboard you trust, for example.)

A free unofficial patch has been created by a noted programmer/software developer to help protect MS XP systems until the MS patch comes out and is vouched for by many. Many people have downloaded and installed it without problem. A programmer for the NOD 32 antivirus program has also produced a free temporary unofficial patch as I noted above. But many people are wary of downloading a patch that is not from Microsoft, regardless of who produces it and who vouches for it.

Some Antivirus programs catch some but not all varieties of the malware that currently are in the wild. See post #94 for suggestions on antivirus programs' settings and about using a limited user account for everyday activities like surfing the web, reading email, etc. (a limited user account imits your ability to install software, unlike the administrative user account which allows for total control of the operating system). For info on limited user accounts, go into XP's Help and Support Center and type in "add limited user account" in the search window for info on the topic. Running in a limited user account is considered a good practice in general for security reasons. Many Windows users just run in an administrative account since it's easier to do things like install software without switching user accounts, but it's not the safest practice.

Here's an article from a mainstream not technical publication: http://www.msnbc.msn.com/id/10684853/

And really, the only way one remains a total "computer dummy" is by not taking any time and effort to learn some basics about the computer system one uses, especially in regards to security which with Windows systems is a significant concern unfortunately. Don't want to or don't have the time? Fine. Completely understandable. Lots of people don't want to or don't think they can, they just want to use their computer. For those I suggest they consider looking into getting a Mac the next time they're in the market for a new computer. Seriously. Apple has some computers that are relatively reasonably priced. And the Mac operating system is not as much of a target for the bad guys compared to Microsoft systems.

For the few hours this post has left on the Greatest Page, and a little visibility for a couple minutes (lol) in this forum.

:kick:

Likely in response to demand from major business/gov't customers who wanted the official patch and didn't want to wait until next week. (Also it was a bit of bad PR that news of this exploit/vulerability was getting more public attention the same day Bill was publicly unveiling and bragging about Windows Vista, MS' new system coming out later this year.)

MS usually staggers release of its patch so it may not immediately show up in individual users' Auto Updates on their pc's. Depends how MS rolls out the patch.

Information from Microsoft's site here:

Important Information for Thursday 5 January 2006

Microsoft announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows Meta File (WMF) area of code in the Windows operating system on Tuesday, January 2, 2006, in response to malicious and criminal attacks on computer users that were discovered last week.

Microsoft will release the update today on Thursday, January 5, 2006, earlier than planned. http://www.microsoft.com/technet/security/bulletin/advance.mspx

My hubby had all kinds of trouble. He gets automatic updates from Microsoft and when he installed the one he got today, it really screwed up the machine. He finally got it working right again after four reboots.

And I did an uninstall of the "unofficial" hotfix and an install of MS's fix on two machines.

We're good to go - I hope.

BTW, I just learned that Windows XP Home support dies 12/31/2006



Sigh.

Still strongly considering an iMac, however...

I thought Bill Gates showed some brass cojones touting the next Windows, "Vista", with this debacle still playing out.

I have 48 computers in the morning I have to apply it too after un installing temp fix.

Gonna be a long day. At least the fucks at Microcrap listened to us.:crazy:

Auto updates turned off where I SYSADMIN. Too often MS patches cause problems with software used by client which is proprietary. Only a couple of systems are SP2 and not critical. Incompatible with SP2 and automotive software and GM. GM has more than cars to get right.