Wednesday, January 04, 2006

Windows Flaw Exposes Us All

A newly discovered flaw in Microsoft's Windows Meta File (WMF) has spawned dozens of attacks since its discovery last week. Microsoft has no patch for the problem as of this writing. The attacks so far have been varied, ranging from an MSN Messenger worm to spam e-mail that tries to lure people into clicking through to malicious Web sites.

The vulnerability can be easily exploited in Windows XP with Service Pack 1 and 2, as well as Windows Server 2003, according to security experts. Older versions of the operating system, including Windows 2000 and Windows ME, are also at risk, though in those cases the flaw is more difficult to exploit. Security experts say that 99% of the world’s computers are vulnerable to this attack.

The Windows Meta File flaw lets an image execute arbitrary code. It can be exploited just by the user viewing an infected image. Microsoft plans to release a fix for the WMF vulnerability as part of its monthly security update cycle on Jan. 10.

All Internet browsers are vulnerable, including IE, Firefox, Opera, Maxthon and others. The reason is that the browser does not render the infected image itself; it is rendered by Windows' own Picture and Fax Viewer (Shimgvw.dll), also known as the Shell Image View Control. New versions of Firefox do display an alert when a suspicious image is encountered on a Web page. But since viewing an image is usually harmless, most users will click OK, thereby exposing themselves to infection.

If your PC catches an infected metafile, the payload can run even if you don't consciously open or view the image. For instance, Google Desktop Search causes the payload to be executed when the metadata of the image is accessed. If the image is an icon, merely displaying a file directory in certain views of Windows Explorer can silently execute the Trojan.
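One way to find out which files in a download or attachment folder are Windows metafiles by reading their bytes, without displaying them in Explorer or an image viewer. This is an added example, not part of the original post; it recognizes WMF by header structure rather than by file extension, the function names are chosen here, and the sample bytes are constructed.

```python
import struct
from pathlib import Path

PLACEABLE_KEY = 0x9AC6CDD7   # magic of the optional 22-byte placeable header
HEADER_WORDS = 9             # the standard header is always nine 16-bit words

def looks_like_wmf(data: bytes) -> bool:
    """True if data begins with a structurally valid WMF header."""
    offset = 0
    if len(data) >= 22 and struct.unpack_from("<I", data)[0] == PLACEABLE_KEY:
        checksum = 0
        for word in struct.unpack_from("<10H", data):
            checksum ^= word             # checksum = XOR of the first ten words
        if checksum != struct.unpack_from("<H", data, 20)[0]:
            return False
        offset = 22
    if len(data) < offset + 18:
        return False
    ftype, words, version = struct.unpack_from("<3H", data, offset)
    return ftype in (1, 2) and words == HEADER_WORDS and version in (0x0100, 0x0300)

def find_metafiles(root) -> list[str]:
    """Relative paths under root whose contents are WMF, whatever the extension."""
    root = Path(root)
    hits = []
    for path in sorted(root.rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                if looks_like_wmf(fh.read(40)):
                    hits.append(path.relative_to(root).as_posix())
    return hits

def constructed_sample(placeable: bool = True) -> bytes:
    """Constructed, harmless metafile: headers plus the end-of-file record only."""
    body = struct.pack("<3HIHIH", 1, HEADER_WORDS, 0x0300, 12, 0, 3, 0)
    body += struct.pack("<IH", 3, 0)     # end-of-file record, three words long
    if not placeable:
        return body
    head = struct.pack("<IH4hHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0)
    checksum = 0
    for word in struct.unpack("<10H", head):
        checksum ^= word
    return head + struct.pack("<H", checksum) + body

if __name__ == "__main__":
    import sys
    for name in find_metafiles(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(name)
```

A hit means only that the file is a metafile, not that it is malicious; it tells you which files to leave alone until the fix is installed.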

As mentioned above, there are several ways in which an exploit for this newly found vulnerability could find its way onto your computer. For instance, one exploits image files and tries to get users to click on them. A different one is an MSN Messenger worm that sends itself to people on your buddy list.

Some of the e-mail spam attacks have been targeted at select groups, such as one that purports to come from the U.S. Department of State. The malicious e-mail tries to lure the user into opening a map attachment, which then downloads a Trojan horse. The exploit opens a backdoor on the user's system and allows sensitive files to be viewed. The WMF flaw has already resulted in attacks such as the Exploit-WMF Trojan, which made the rounds last week.

The only advice I can give you at this time is to be very careful until Microsoft releases its fix, hopefully later this month. Until then, be diligent about which web sites you visit (stick to the ones you normally visit and know are safe), and don’t open strange e-mails with attachments. Also make sure your e-mail program doesn’t automatically display pictures. I use Thunderbird, which does not open any images in e-mails unless I give it permission. This is very helpful with all spam e-mail and can prevent infections.

Also, be sure to download the next Microsoft Windows fix as soon as it becomes available.

PS: There will not be any new blogs for a couple of days as I will be out of town photographing a wedding.
