Windows flaw spawns dozens of attacks

TalkBack 49 of 102:: Next »; « Previous

Thread View
Flat View

unofficial patch is available, and highly recommended: "Here's an alternative way to fix the WMF vulnerability."

http://www.f-secure.com/weblog/archives/archive-122005.html#00000756

"Ilfak Guilfanov has published a temporary fix which does not remove any functionality from the system (all pictures and thumbnails continue to work normally).

The fix works by injecting itself to all processes loading USER32.DLL. It patches the Escape() function in GDI32.DLL, revoking WMF's SETABORT escape sequence that is the root of the problem.

Now, we wouldn't normally blog about a security patch that is not coming from the original vendor. But Ilfak Guilfanov isn't just anybody. He's the main author of IDA (Interactive Disassembler Pro) and is arguably one of the best low-level Windows experts in the world."

more details in Ilfak's blog:
http://www.hexblog.com/2005/12/wmf_vuln.html

I would highly recommend you get Ilfak's 0-day patch mentioned above from

http://handlers.sans.org/tliston/wmffix_hexblog13.exe or
http://www.hexblog.com/security/files/wmffix_hexblog13.exe

as a temporary measure from the ulitmate drive-by malware exploit.; Posted by: ~doolittle~ Posted on: 01/03/06 You are currently: a Guest | Members login | Terms of Use

Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Windows flaw spawns dozens of attacks Loverock Davidson | 01/03/06

Overhyped probably... csa0307 | 01/03/06

User mistake? spdrcrtob | 01/03/06

Remains to be seen MillenneumMan | 01/03/06

Yet more remains in view?? DNSB | 01/03/06

Protected By A Peguin IceTheNet@... | 01/03/06

Nothing to worry about????? tombalablomba | 01/03/06

WMF 0-day vulnerability is not a bug, it's a feature ~doolittle~ | 01/03/06

Scare tactic? RazorEdge | 01/03/06

Perhaps you are right, but... donw1234 | 01/03/06

good Idea but how long till that is exploited IceTheNet@... | 01/03/06

youre no mike cox. linuxoverwindows | 01/03/06

true we will give him a 3 IceTheNet@... | 01/03/06

I'm not sure if this is accurate or verified... Yen_z | 01/03/06

Overhyping? Smallest of things? Hugh Jass | 01/03/06

hmmmmmm... nix_os_fan | 01/04/06

This exploit been around since 2001... cburgess | 01/04/06

Is there a patch yet? el1jones | 01/03/06

On the 10th Loverock Davidson | 01/03/06

don't wait for the official MS patch ~doolittle~ | 01/03/06

and another place to get the fix: linuxoverwindows | 01/03/06

Not really.... Leria | 01/03/06

Interesting tombalablomba | 01/04/06

Whew Chad_z | 01/04/06

You are a prize prat! Please go back to your cave! GetReal-mac.com | 01/04/06

yes it is called the mepis fix IceTheNet@... | 01/03/06

Patch coming out when???? spinit_z | 01/03/06

wait for it... wait for iiiiit... linuxoverwindows | 01/03/06

Yes! It will!!! Yen_z | 01/03/06

Flaw is overrated... Mike Cox | 01/03/06

Re: Flaw is overrated... richdave | 01/03/06

flaw is overrated? pablito@... | 01/03/06

Forget the plane, XP is thus not reliable enough for a car eric.pederson@... | 01/03/06

Flaw is overrated... Ballzo | 01/03/06

.. hook ... line .... sinker happy

(NT) rick752 | 01/03/06

Hook line and sinker GWIII | 01/04/06

I agree but the flaw is windows IceTheNet@... | 01/03/06

How would you like these dressed...... Quiet_Type | 01/03/06

A new year and shallow_diver | 01/04/06

10! s_gamgee | 01/04/06

Nice catch! jguyp725@... | 01/04/06

Accuracy we expect from ZDNet... gfeier | 01/03/06

It was a quote! (NT) 3D0G | 01/03/06

Precisely! gfeier | 01/03/06

Maybe we should start voting on ZDnet articles instead of Mike Cox IceTheNet@... | 01/03/06

ZDNet not at fault! TapDunk | 01/04/06

Microsoft Testing Rebate rusynr@... | 01/03/06

Rebate MarkieMark | 01/04/06

unofficial patch is available, and highly recommended ~doolittle~ | 01/03/06

neither link works? riix | 01/04/06

Think Defensively Mr. Roboto | 01/03/06

Think Different mchupa | 01/03/06

FW and AV is not enough... cburgess | 01/04/06

oh great, we have to wait for the patch? CobraA1 | 01/03/06

And if MS quickly issued a bad patch... hberenson | 01/03/06

You completely missed the point CobraA1 | 01/04/06

Windows Flaw benf_z | 01/03/06

Ignorant? eric.pederson@... | 01/03/06

Very astute observation! MacGeek2121 | 01/03/06

I've know this guy... Yen_z | 01/03/06

I know this guy... Yen_z | 01/03/06

Firefox gives some protection Greenknight_z | 01/03/06

Plans to release? Richard Flude | 01/03/06

A perfect Example grandis@... | 01/03/06

Somebody should send those nice Boot_Agnostic | 01/03/06

And then... Hugh Jass | 01/03/06

I'm waiting for them to explore the many RAW formats Boot_Agnostic | 01/04/06

How is that possible? Richard Flude | 01/03/06

Why not draconian? zdnet@... | 01/03/06

Well f**king said. A_Pickle | 01/03/06

They've already had their credit history stolen Leria | 01/03/06

Not that easy... cburgess | 01/04/06

I think it is time we punish the companies Littlebear | 01/03/06

No platform is immune, but the QUALITY of the platform makes a difference. HypnoToad | 01/03/06

What inherent security? Leria | 01/03/06

Don't make it bigger than it is rcb_z | 01/03/06

My ISP and me trm1945 | 01/03/06

You should have told your ISP where it was coming from Leria | 01/03/06

The way to protect yourself in the mean time! Raymonde | 01/03/06

Windows flaw again ... flavio.becker | 01/04/06

Already protected without MS's help Mr. Roboto | 01/04/06

AntiVir caught it already doctordawg | 01/04/06

Microsoft writes the viruses Kid Icarus-21097050858087920245213802267493 | 01/04/06

I've actually thought it was the AV companies Boot_Agnostic | 01/04/06

p. c. worm attacks wknaack@... | 01/04/06

Don't surf with Windows Chad_z | 01/04/06

4th option NonZealot | 01/04/06

u've been lucky Tiberiust | 01/04/06

Don't Blame the O/S Bee Jay | 01/04/06

Patch or No Patch Kid Icarus-21097050858087920245213802267493 | 01/04/06

Patch - MS Jafrh | 01/04/06

Try something new.... pkrdk | 01/04/06

Any proof or examples pkrdk | 01/04/06

Re: Any proof or examples speedracerxtreme | 01/06/06

the new flaw in windows thetrader13 | 01/04/06

Think about it half@... | 01/04/06

Exploit WMF attacks DarkSpectre | 01/04/06

We're WAY overdue for being proactively draconian toward hackers zdnet@... | 01/04/06

Nice Rant... cburgess | 01/04/06

Windows flaw jrs161@... | 01/04/06

many spanwaners made me change address optionwizz | 01/04/06

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now
Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
Get top-ranked Novell support for Red Hat when you switch Novell If Linux is going to power your mission-critical applications, you'd ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Read the original story

Windows flaw spawns dozens of attacks

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads