Thursday, January 5, 2006

Browse the Web safely and avoid the WMF vulnerability

Final update!!!
The security update is ready and released. Update your PC now.
It seems to co-exist fine with the REGSVR32 workaround and the Ilfak patch.

Here are some useful links. Make sure your IT people act on this. I had to do it at the company I work for since they didn't even know about it even after it had been around since Wednesday, December 28, 2005.

Update!
"Microsoft has completed development of the security update for the vulnerability. The security update is now being localized and tested to ensure quality and application compatibility. Microsoft’s goal is to release the update on Tuesday, January 10, 2006, as part of its monthly release of security bulletins. This release is predicated on successful completion of quality testing."
Microsoft Security Advisory (912840) that includes a suggested action (Updated: January 3, 2006)
New WMF 0-day exploit - There's a new zero-day vulnerability related to Windows' image rendering - namely WMF files (Windows Metafiles). Trojan downloaders, available from unionseek[DOT]com, have been actively exploiting this vulnerability. Right now, fully patched Windows XP SP2 machines are vulnerable, with no known patch.
Targeted WMF email attacks
It's not a bug, it's a feature
Internet Storm Center recommends Ilfak too
New WMF exploit attacks via email
Bad behaviour
First WMF worm found
Overview of the WMF related articles at the ISC
Handler's Diary: VMWare Browser; Installing a Patch Silently; Checking for .wmf Vulnerabilities
The posts below are not exactly related to the WMF vulnerability but are well worth reading, since many vulnerabilities that are exploited require administrator rights.
Browsing the Web (Part 1) and Reading E-mail Safely as an Administrator. Michael Howard discusses how you can run as an administrator and access Internet data safely by dropping unnecessary administrative privileges when using any tool to access the Internet. Part 2
The Non-Admin blog - running with least privilege on the desktop
Least privileged user access for developers. A blog entry about what developers can and should do regarding least privilege and least privileged user access (LUA) on Windows.
Updates:
http://blogs.technet.com/jesper_johansson/archive/2006/01/02/416762.aspx
