by Judith Dinowitz
Since the last week of December 2005, you might have been hearing about the WMF flaw, a vulnerability that affects Windows and is considered quite critical. Today (January 5), Microsoft finally released a patch for WMF, almost a week after the news about the bug was released. In that week, several worms and exploits have materialized on the web.

The WMF flaw is a flaw in the way Windows handles files in the WMF (Windows Meta File) format, which is essentially an obsolete 16-bit graphics file format. In certain cases, WMF files can register a callback for certain conditions, and this can be exploited to run arbitrary code. Soon after the announcement of the exploit, malware distributors began placing graphics exploiting this vulnerability on their web sites, installing adware, spyware, worms, back doors, and other malicious software.

What makes WMF so critical is that all you need to do is view a graphic in order to be exploited, and certain Windows programs (such as Internet Explorer) will do this automatically. If you receive an infected file from another source, such as email, double-clicking it will do the trick. According to the F-Secure.com blog, "it's really easy to get burned by this exploit if you're analysing it under Windows. All you need to do is to access an infected web site with IE or view a folder with infected files with the Windows Explorer." The same blog entry points out that Google Desktop creates an index of the metadata of all images in real time, and can invoke the exploit and infect the machine simply by extracting the image information. This happened to the researchers at F-Secure.com on a DOS box!

What's most ironic here (and PC Magazine's Security Watch points this out) is that this file format was obsolete, and until Windows XP and 2003, Microsoft did not have a default configuration to read WMF files. They only added this to their most recent versions of their operating systems.
In modern versions of Windows, the default program for launching such graphics is the Windows Picture and Fax Viewer. In earlier versions, it was the Paint program, which is still vulnerable in current versions. Even the 1990 version of Windows 3.0 is vulnerable.

The link to the patch is available now through Windows Update, and through the front page of Microsoft.com. I would urge all Windows users to update their settings.

Microsoft Windows Graphics Rendering Engine WMF SetAbortProc Code Execution Vulnerability
Microsoft's Fix is in for WMF Flaw (SecurityFocus.com, January 5, 2006)
WMF 0-Day: Exploit Spreads, Defenses Few (SecurityFocus.com, December 30, 2005)
Windows 0-day exploit found on Web (SecurityFocus.com, December 28, 2005)
Security Watch: Iniquitous Images Imperil the Internet! (Security Alerts and Updates)
Be Careful with WMF Files (From the December Archives of F-Secure Blog)