Protect your computer from Windows WMF exploit
Right after yesterday’s article on removing malware from your computer, I heard about a Windows vulnerability that allows hackers to attack your computer just by tricking you into viewing a picture. Lots of the news on the web has been geek-speek, so let me attempt to translate.
The problem results from a flaw in the Windows metafile format (WMF), an image format common in all versions of Windows. Microsoft Word Clipart, Windows Explorer thumbnails, system images are made up of WMF files. The flaw can allow a WMF image to execute some code or a small programme on your computer when you view it. This can then prompt infected machines to download all sorts of junk that attempt to blast you with unwanted advertising or even trojans that turns PCs into zombie machines for hackers.
To date, hackers have tried to take advantage of it through email viruses, MSN Messenger worms, and spam that lures users to visit a malicious website. So remember the cardinal rule of staying safe on the net: don’t open files from email or instant messenger unless you have been expecting it. This flaw affects all versions of Windows from Windows 98, including the latest versions of Windows XP.
Protecting yourself
Fortunately Microsoft is working on a patch which they schedule to release next ‘Patch Tuesday’ (10 January). However if you’re worried that you’ll be infected between now and then here are some steps you can take.
Ilfak Guilfanov, a Russian security engineer, has come up with an unofficial patch which you can download from his website. He’s not affiliated with Microsoft, but security experts have checked out his patch and gave it the ok. Also, this patch won’t work on Windows 98 and earlier.
Otherwise if you’d rather wait for the official patch, be sure to update your antivirus and antispyware virus definitions in the meantime. Unfortunately newer trojans taking advantage of the flaw can dodge virus scanners, and you may already be receiving lots of emails prompting you to open a file with the exploit, so be sure to follow the cardinal rule above.
Until next Tuesday, that’s about it. What a way for Microsoft to start the new year eh?
If you want the technical details and news, check them out here:
- Microsoft Security Advisory
- Microsoft Windows Metafile handler SETABORTPROC GDI Escape vulnerability
- BBC News | Sites exploit Windows image flaw
- Security Now! podcast episode #20 show notes
Update 6 Jan
In the fastest turnaround ever for the company, Microsoft has released its patch for the flaw. Usually patches only come out months after a bug is detected. Anyway, if you have set your Windows PC to automatically check for updates, chances are that it would have downloaded the patch by the time you are reading this. Otherwise, open up Internet Explorer (you can’t use other browsers for this) and go to http://update.microsoft.com and grab Security Update for Windows XP (KB912919).
Unfortunately, from the accompanying bulletin it appears that Windows 98 and Windows ME users are not protected. Steve Gibson to the rescue! He’s promised that his company, GRC, will be coming up with a repair for users of the older operating systems. Check his site for updates.
If you enjoyed this article please consider staying updated via RSS. Links to your own social media pages could be added here.
This entry was posted on Thursday, January 5th, 2006 at 10:17 am and is filed under How To, Tech & Internet, Windows. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.