ROM-DOS Posted January 3, 2006

Huge virus threat rocks Microsoft

Report says a newly discovered flaw could expose hundreds of millions of Windows PCs to virus.

January 3, 2006: 11:08 AM EST

NEW YORK (CNNMoney.com) - The new year is off to a rocky start at Microsoft, where security experts are scrambling to confront a potentially massive virus threat to Windows PCs.

According to a report Tuesday in the Financial Times, the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files.

The threat was discovered last week. But it mushroomed over the weekend, when a group of hackers published the source code they used to exploit the flaw.

What makes this threat particularly vicious, according to the Times, is that unwitting victims can infect their computers simply by viewing a web page, e-mail, or instant message that includes a contaminated image. That differs from most virus attacks, which require a user to actually download an infected file.

"The potential [security threat] is huge," Mikko Hypponen, chief research officer at F-Secure, an antivirus company, told the Times. "It's probably bigger than for any other vulnerability we've seen.

"Any version of Windows is vulnerable right now," said Mr. Hypponen, including every Windows system shipped since 1990.

Microsoft said in a security bulletin on its Web site, "we are working closely with our antivirus partners and aiding law enforcement in its investigation."

Swimmer Posted January 3, 2006

It is a big deal.. but not huge.. there is still protection currently with Windows Data Execution Prevention... By default this is turned on on all Windows XP SP2 systems. That is the software side of the protection. On the hardware side you have the Execute Disable Bit (XD) from Intel and no-execute page-protection (NX) from AMD.

AS OF RIGHT NOW THERE IS NO SIGN THAT THIS exploit is affecting these systems. However, that does not mean that it will not mutate and be able to bypass them.

However, you must have both hardware and software to be semi protected.. If you have an Athlon 64 or a 90-nanometer-process Pentium 4 "Prescott" you should have the hardware side taken care of.

For more info on DEP check out this page: http://support.microsoft.com/default.aspx?scid=kb;en-us;875352#3

For more info on the WMF exploit/flaw: http://computerworld.co.nz/news.nsf/news/B4714903757E6CBECC2570EB001286D4

ROM-DOS Posted January 3, 2006

Microsoft preparing patch for Windows flaw

Tuesday, January 3, 2006

organ_shifter Posted January 3, 2006

Huge virus threat rocks Microsoft

Report says a newly discovered flaw could expose hundreds of millions of Windows PCs to virus.

January 3, 2006: 11:08 AM EST

the latest vulnerability involves a flaw which allows hackers to infect computers using programs inserted into image files.

The threat was discovered last week.

Hackers exploit Windows flaw

ROM-DOS Posted January 5, 2006

Microsoft inadvertently leaks WMF patch

By Joris Evers, Staff Writer, CNET News.com
Published: January 4, 2006, 1:36 PM PST

An early version of a security fix for a Windows flaw that is being used as a conduit for cyberattacks was prematurely posted online by a Microsoft employee.

The fix was briefly posted on a security community Web site, Debby Fry Wilson, a director in Microsoft's Security Response Center, said on Wednesday. Copies of the file have since been posted online elsewhere, but Microsoft recommends that customers wait for the final version in its monthly security release on Jan. 10, she said.

"It really was an inadvertent thing that happened," Fry Wilson said. "We have the security update on a fast track...(and) somebody accidentally posted a prerelease version on a community site. It has been taken down, and we don't recommend customers use it--it is not the version that we will be releasing on Tuesday."

The fix is designed to repair a flaw in the way Windows renders Windows Meta File images. The bug was discovered last week and is being exploited in attacks that compromise a vulnerable PC if the user visits a Web site with a malicious image file.

Security experts have urged Microsoft to rush the patch because of the onslaught of attacks. More than a million PCs have already been compromised, according to Andreas Marx, an antivirus software specialist at the University of Magdeburg in Germany. There are thousands of malicious Web sites, as well as Trojan horses and at least one instant messaging worm, that use the WMF flaw as a conduit, other experts have said.

Microsoft said it hasn't seen many attacks on its customers. The company plans to issue the final version of its fix on Tuesday, its next official patch release day, Fry Wilson said.

"We have to weigh putting out a partially tested update against the severity of the attack," she said. "If customers are being attacked in large numbers, then we will go ahead and put out the update as we have it, so that customers can be protected, even though it might break things."

A patch may turn out to have side effects, even if it has undergone full testing. Microsoft has had problems in the past, most recently with an Internet Explorer update in December.

Microsoft's fix appears to be nearly done, said Steve Gibson, the president of Gibson Research in Laguna Hills, Calif. "It works great," said Gibson, who downloaded the file and tested it. It even works with a patch developed by European programmer Ilfak Guilfanov, he said.

After examining the software, Gibson believes Microsoft could push out the fix before Patch Tuesday. "They obviously already have it packaged and ready to go," he said.

However, there are reasons for Microsoft to hold off. "Major corporate users very much dislike randomly timed patch releases, since it is deeply disruptive of everything else that's going on," he added.