Friday, November 11, 2005

Run Windows Update. Dangerous images, AGAIN 

Microsoft's announced a critical security vulnerability in the handling of WMF and EMF files. Those are picture files, not too common on the web but often used for Windows clip art.

Open a picture, lose control of your computer:

If you've got a version of Windows which has this bug (you probably do) and if a nasty person can trick you into opening a booby-trapped file ("bin Laden captured.WMF"? "Pamela Anderson.EMF"?) then the nasty person can take over your computer.

Last I heard the bad guys weren't using this yet, at least not on a large scale. This will probably change.

UPDATE 12/31/2005:
It's changed. Toxic WMF files are in the wild. Hundreds of web sites are distributing them. Reports are that the exploit can take over your computer if you so much as click a file in Windows Explorer, which automatically opens the file to create the thumbnail view. Even worse: Windows will do the right (in this case the wrong) thing even if the file has been renamed to have a different extension. That file "puppy.jpg"? It could be a .WMF file inside and could carry a toxic payload.
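Because the file's contents, not its name, decide how it gets handled, one way to spot a renamed metafile like the "puppy.jpg" case above is to check the leading bytes yourself. This is an added example, not code from the original post or from Microsoft; the function names and sample byte strings are made up for illustration, and the check only reports that a file is a WMF or EMF under another extension, not whether it is harmful.

```python
import struct
from pathlib import Path

METAFILE_EXTS = {".wmf", ".emf"}
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"  # placeable WMF magic, 0x9AC6CDD7 little-endian

# Constructed sample headers (no drawing records, headers only).
SAMPLE_WMF_HEADER = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9, 0, 3, 0)
SAMPLE_EMF_HEADER = b"\x01\x00\x00\x00" + bytes(36) + b" EMF"
SAMPLE_JPEG_HEADER = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(8)

def sniff_metafile(data: bytes):
    """Return 'WMF', 'EMF' or None, judging by the leading bytes only."""
    if data[:4] == PLACEABLE_KEY:
        return "WMF"
    # EMF: first record type is 1 (header record), ' EMF' signature at offset 40.
    if len(data) >= 44 and data[:4] == b"\x01\x00\x00\x00" and data[40:44] == b" EMF":
        return "EMF"
    # Standard WMF header: type 1 or 2, header size 9 words, version 0x0100/0x0300.
    # Only six bytes are tested, so treat a hit as a reason to look closer.
    if len(data) >= 18:
        ftype, hdr_words, version = struct.unpack_from("<HHH", data)
        if ftype in (1, 2) and hdr_words == 9 and version in (0x0100, 0x0300):
            return "WMF"
    return None

def disguised(name: str, data: bytes):
    """Return the metafile kind if the content is WMF/EMF but the extension is not."""
    kind = sniff_metafile(data)
    if kind and Path(name).suffix.lower() not in METAFILE_EXTS:
        return kind
    return None

def scan_tree(root):
    """Walk a folder and list (path, kind) for every disguised metafile."""
    hits = []
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        try:
            with p.open("rb") as f:
                head = f.read(64)  # the headers fit in the first 64 bytes
        except OSError:
            continue  # unreadable file: skip rather than abort the scan
        kind = disguised(p.name, head)
        if kind:
            hits.append((str(p), kind))
    return sorted(hits)

if __name__ == "__main__":
    print(disguised("puppy.jpg", SAMPLE_WMF_HEADER))   # WMF
    print(disguised("puppy.jpg", SAMPLE_JPEG_HEADER))  # None
```

Pointing `scan_tree` at a downloads or mail-attachment folder lists files worth quarantining until the patch is installed.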

For once, using Firefox or Opera to browse the web won't help you.

Microsoft released patches last month. Make sure you've run Windows Update.

UPDATE 1/1/2006:

It's not just web pages: bad guys could also use this vulnerability to attack you via instant messaging. This is already happening in the Netherlands (http://www.viruslist.com/en/weblog?discuss=176892530&return=1). Be careful of links in instant messages. As usual.

At least one antivirus product, Kaspersky, is now scanning incoming files for anything that looks like an exploit.

UPDATE 1/1/2006:

Sorry to confuse you: there are two separate vulnerabilities in how Windows handles .WMF files. Microsoft has already patched the first of the two, the problem reported in November. What's going around now is the second, a new one for which there is no official patch.

I found a trustworthy summary of the .WMF vulnerability. The article gets technical at the end but you can skip that part if you're not trained in that direction. Bottom line, this problem is scaring some levelheaded people.

Watch out for email with a subject of Happy New Year and text that says "picture of 2006". It's an attack. Delete it permanently.

I'm going to cross my fingers and recommend installing the unofficial patch (see link above). I believe it fixes the right thing, based on what I know of Windows programming.
