New Windows Vulnerability

Discussion in 'other security issues & news' started by TNT, Dec 27, 2005.

Thread Status:
Not open for further replies.
  1. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    I am using eTrust (VET). Will eTrust (VET) be able to stop this WMF?
     
  2. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Well, the source code has been more random with each release, and almost everything is randomized except the "09 00" value in the header, and the escape function "26" and the parameter "09 00".

    You can see how difficult it is to match it. :(
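
The fixed bytes named in the post above, read as WMF structure fields and turned into a structural check. This is an added example, not part of the original thread and not any vendor's signature. The field names (header size of 9 words, META_ESCAPE record 0x0626, SETABORTPROC escape 0x0009) come from the WMF format, and the sample metafile is constructed and carries no payload.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # optional 22-byte placeable header in front of the real one
ESCAPE_LOW_BYTE = 0x26      # META_ESCAPE is 0x0626; the post quotes only the "26"
SETABORTPROC = 0x0009       # first parameter of the escape record: bytes "09 00"

def find_setabortproc(data: bytes) -> list[int]:
    """Byte offsets of escape records whose escape function is SETABORTPROC."""
    off = 22 if data[:4] == struct.pack("<I", PLACEABLE_KEY) else 0
    if len(data) < off + 18:
        raise ValueError("truncated WMF header")
    ftype, header_words = struct.unpack_from("<HH", data, off)
    if ftype not in (1, 2) or header_words != 9:  # the fixed "09 00" in the header
        raise ValueError("not a WMF header")
    off += header_words * 2
    hits = []
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        if size_words < 3 or func == 0:  # malformed size or META_EOF: stop walking
            break
        # Assumption: compare the low byte only, since the high byte may vary.
        if func & 0xFF == ESCAPE_LOW_BYTE and off + 8 <= len(data):
            if struct.unpack_from("<H", data, off + 6)[0] == SETABORTPROC:
                hits.append(off)
        off += size_words * 2
    return hits

def _record(func: int, params: bytes = b"") -> bytes:
    # RecordSize counts 16-bit words and includes the 3-word record header.
    return struct.pack("<IH", 3 + len(params) // 2, func) + params

def build_sample(with_escape: bool, func: int = 0x0626) -> bytes:
    """Constructed, payload-free metafile used only to exercise the scanner."""
    records = [_record(0x0103, struct.pack("<H", 8))]  # META_SETMAPMODE
    if with_escape:
        # EscapeFunction = SETABORTPROC, ByteCount = 0, no data follows.
        records.append(_record(func, struct.pack("<HH", SETABORTPROC, 0)))
    records.append(_record(0x0000))  # META_EOF
    body = b"".join(records)
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9 + len(body) // 2, 0,
                         max(len(r) // 2 for r in records), 0)
    return header + body

if __name__ == "__main__":
    print(find_setabortproc(build_sample(True)))
    print(find_setabortproc(build_sample(False)))
```

Walking the record list by its size fields, rather than searching for a byte string, is what lets a check like this ignore the randomized parts; it stops at the first malformed record instead of guessing where the next one starts.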
     
  3. sosaiso

    sosaiso Registered Member

    Joined:
    Nov 12, 2005
    Posts:
    601
    Has Computer Associates actually released anything about this threat yet? I keep checking for updates, but nothing as of yet. :T
     
  4. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Microsoft security patch has leaked

    2006-1-4


    Microsoft's OFFICIAL SECURITY UPDATE leaked onto the Internet early (and it works great!)

    It would seem that we can be pretty certain that Microsoft will have this WMF vulnerability mess cleaned up shortly. Microsoft's cryptographically signed and authentic (though perhaps not final), security update addressing this vulnerability has prematurely leaked onto the Internet.

    As expected, Ilfak's WMF vulnerability suppression patch, and his WMF vulnerability testing utility, both interact smoothly and seamlessly with Microsoft's forthcoming official security update. Ilfak's code can be left running while installing Microsoft's security update, then safely removed forever once the system has rebooted from the update.


    Sources: Steve Gibson (GRC) and Sunbelt
     
  5. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    Here is a full FAQ:

    http://castlecops.com/a6445-WMF_Exploit_FAQ.html

    Includes all the downloads, and how this thing works.

    Says why unregistering the dll may not protect you, and why the hotfix is the real way to go.

    Talks about how Win2k may be vulnerable even with hardware DEP.
     
  6. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    A quick look at the Microsoft hotfix

    Source: Sunbelt


    Earlier today we mentioned that Steve Gibson had reported on a leaked hotfix for the WMF exploit from Microsoft.
    We got a copy of the hotfix from an anonymous source who had carefully verified its authenticity by following the certificate chain backward and verifying that it was signed by the identical root certificate as other past updates.
    We ran it through a quick and informal test in our labs.


    Full story here
     
  7. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    New results, I think, from AV-Test

    These detected all the wmf samples
    * BitDefender
    * Computer Associates eTrust-VET
    * F-Secure
    * Kaspersky Lab (I'm assuming KAV clones also)
    * McAfee
    * Eset Nod32
    * Microsoft OneCare (very surprised a Microsoft product works)
    * Sophos
    * Symantec

    These missed just one file:

    * Alwil Avast
    * Clam AntiVirus
    * Aladdin eSafe

    These tools missed a number of samples (total in parentheses):

    * Fortinet (18)
    * AntiVir (24)
    * eTrust-INO (25)
    * Panda (25)
    * Ikarus (26)
    * Norman (26)
    * Ewido (47)
    * AVG (59)
    * VirusBuster (61)
    * QuickHeal (63)
    * Trend Micro (63)
    * Dr Web (93)
    * VBA32 (110)
    * Authentium Command (119)
    * F-Prot (119)

    Don't rely too much on these stats, since antivirus products are updating every day.
     
    Last edited: Jan 5, 2006
  8. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Which antiviruses match the new v1.16:
     


  9. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    I haven't read anything about this exploit because I'm not using Windows, but when I use it next, will I be safe with F-Secure? And then even safer next Tuesday, or whenever the next WU is?
     
  10. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  11. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    Microsoft has already made the patch at 12/28!! They don't plan to release it until Jan 10, but the link here can give you the patch: Removed

    It's an unofficial patch though...

    Removed link. Not the official release. Ron
     
    Last edited by a moderator: Jan 5, 2006
  12. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    People say the unofficial patch works! According to F-Secure
     
  13. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
  14. globule

    globule Guest

    Hi all... Why all the fuss about replacing the bugged M$ dll, since the patch available on Gibson's site seems to work all the time, and since the patched systems don't seem to lack anything at all?
     
  15. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    No need for the GRC patch; Microsoft released the patch earlier today.
     
  16. Yes, I patched with new Microsoft patch and now FIREFOX doesn't work. It won't even open. Anyone else with this problem? I have done nothing else with the PC except download the official Msoft patch. What a coincidence. Firefox, imagine that.
     
  17. TNT

    TNT Registered Member

    Joined:
    Sep 4, 2005
    Posts:
    948
    Firefox still works on my PC.
     
  18. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio


    I doubt it's that, something else must be wrong.
     
  19. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    I'm using FF without any problems with the MS patch.
     
  20. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    I just got the patch via Auto Updates.
     
  21. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    I have problems with images in Outlook 2003.

    Are blocked.....

    Have checked everything, but don't find the cause of the problem.

    Anyway, doesn't bother me at all, switched to Pocomail, IMHO a better Mail Client than Outlook :)
     
  22. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Outlook 2003 will block the download and display of images by default. If you want to download/view the image, the option should be there in the info bar. You can also change this globally in options.

    Regards,

    CrazyM
     
  23. Smokey

    Smokey Registered Member

    Joined:
    Apr 1, 2002
    Posts:
    1,514
    Location:
    Annie's Pub
    Hi CrazyM!

    I know.;)

    Infobar is disappeared o_O

    Settings are ok... o_O

    Have re-installed Outlook but the problems are not solved....
     
  24. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,032
    Location:
    Texas
    More WMF problems for Microsoft
    Story
     
  25. sowhat

    sowhat Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    31
    Last edited: Jan 17, 2006