Windows zero day nightmare exploited.

[TheHalf]

By INQUIRER staff: Wednesday 28 December 2005, 12:11

Aaargh! No fix for Windows XP SP2!

F-SECURE, Bugtraq and a number of other security aware outfits have warned of a zero day vulnerability that's being actively exploited as we write.

Fully patched Windows XP SP2 machines are vulnerable and there's no known fix as yet.

A number of trojans are being distributed using the vulnerability, related to Windows' image rendering.

F-Secure says you can get blatted if you visit a site with an image file containing the exploit. IE users may automatically be infected. Firefox users can get infected if the image file is downloaded. There's more solid advice at F-Secure. We await a patch from Microsoft.

[Blunted 2]

wow i use firefox and dont download nythig ithink might be bad.  i hope my firewall holds up because it stopped everything else for months and i keep everything up to date.    i think i am pretty safe cause i'm not a average user and tay on top

[WebUser]

Also on Secunia, rated as "Extremely Critical"

http://secunia.com/advisories/18255/

[Dirk]

Solution the easy way: go to the windows file options and remove any program assignment to files with the wmf extention so it won't be opened/executed automatically. You stil can access your normal wmf files by first starting the program you use for it, and then opening the file.

As far as i know, problem solved, or lat least less of a thing to worry about.

[disturbed]

thats why i havent switched to sp2 yet, and never will

[Dirk]

you mean thatxp sp1 is ot affected by this then?

I'm not too certain about that. Just healthy paranoia towards virusses, and even if i dislike some of the marketing of MS, i believe their intention is not to hinder you in your computer usage.

[disturbed]

In my opinion sp1 is better than sp2 - thats why the last 3 windows xp os's i bought were all sp1 not sp2 (customer pc's ive built)

[TheHalf]

This is a follow-up to the original post, just click on the link below.

http://www.theinquirer.net/?article=28605

TheHalf

[resopalrabotnick]

the problem is a dll that stems more or less from the original 3.x since the inception of the .wmf format it has remained unchanged. the proliferation of this file format and handling of the same all through the os is probably what makes eradication of the bug so difficult.

one of the dangers is that removing just wmf extensions from the recognized file formats is no good. windows will recognize a .wmf named .jpg to be a wmf when it opens it and send it to the picture and fax viewer where exploit code can be run. the problem is a buffer overflow in the header of the wmf that allows a prepped wmf to dump code into the stack.