New Windows virus threat ‘huge’
p2p news / p2pnet: “‘The potential [security threat] is huge,’ said Mikko Hyppönen, chief research officer at F-Secure, an antivirus company. ‘It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now’.”
Hyppönen, quoted in the Financial Times, is talking about the latest WMF (Windows Metafile) zero-day disaster.
“The flaw, which allows hackers to infect computers using programs maliciously inserted into seemingly innocuous image files, was first discovered last week,” the FT goes on, “But the potential for damaging attacks increased dramatically at the weekend after a group of computer hackers published the source code they used to exploit it. Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.”
Microsoft has acknowledged the danger, saying it’s “mobilized under its Software Security Incident Response Process (SSIRP) to analyze the attack, assess its scope, define an engineering plan, and determine the appropriate guidance for customers, as well as to engage with anti-virus partners and law enforcement”.
Meanwhile, “Larry Seltzer from eWeek has been doing lots of additional testing against older versions of Windows and bad WMF files,” says Hyppönen on F-Secure, going on, “He has just blogged his interesting findings:
…in a practical sense, only Windows XP and Windows Server 2003 (in all their service pack levels) are vulnerable to the WMF flaw.
…all versions of Windows back to 3.0 have the vulnerability in GDI32. Except for Windows XP and Windows Server 2003, no Windows versions, in their default configuration, have a default association for WMF files, and none of their Paint programs or any other standard programs installed with them can read WMF files…
“So the vulnerability is there on all platforms but it seems that only Windows XP and 2003 are easily exploitable.
“Unfortunately this still means that the majority of Windows computers out there are vulnerable right now. And at least Windows 2000 becomes vulnerable if you’re using many of the available third party image handling programs to open image files.”
Also See:
Financial Times – Windows PCs face ‘huge’ virus threat, January 3, 2006
zero-day disaster – WMF zero-day vulnerability: II, December 29, 2005
F-Secure – Which platforms can really get hit by WMF?, January 3, 2006






January 4th, 2006 at 4:47 am
For a temporary fix, read:
http://www.grc.com/sn/notes-020.htm