[ insider_reports_insider ]
WMF Exploit Still On The Move
John Stith
Staff Writer
2006-01-03
 Insider Reports RSS Feed
The WMF exploit appears to be the nastiest exploit for any software in quite some time. The zero-day vulnerability has no known cure at this point as the first worm surfaced. There are some workarounds but they aren't the best choice. Microsoft is working on the fix. They say they've got it and it's in the testing stages. They plan on releasing it on Patch Tuesday.
 | | WMF Exploit Still On The Move |  |
The primary victims of this problem are Windows XP and the Server 2003 OS although the vulnerability exists on all systems. A number of security folks, including iDefense. It's been seen in emails, F-Secure said they've received reports of an MSN IM worm running around and that's not even counting visiting sites that might have it.
The Microsoft Security Response Center Blog announced earlier this morning they've found the fix for the problem but it's a week away:
Based on that process, we have finished development of a security update to fix the vulnerability and are testing it to ensure quality and application compatibility. Our goal is to release the update on Tuesday, January 10, 2006, as part of the regular, monthly security update release cycle, although quality is the gating factor. Customers will be able to get the update through all the usual deployment tools: Microsoft Update, Windows Update, Automatic Update, the Download Center and Windows Server Update Services.
This vulnerability is one of the worst, if not the worst in the history of this operating system. Even SANS is calling this situation untenable. Tom Liston said in the Handler's Diary:
I've written more than a few diaries, and I've often been silly or said funny things, but now, I'm being as straightforward and honest as I can possibly be: the Microsoft WMF vulnerability is bad. It is very, very bad.
[…]
This is a bad situation that will only get worse. The very best response that our collective wisdom can create is contained in this advice - unregister shimgvw.dll and use the unofficial patch. You need to trust us.
Following several blogs as well as security software company statements, this issue is pretty rough. Malware is already appearing to take advantage of these vulnerabilities and it goes further than just not visiting website one doesn't trust. Liston is recommending not waiting for the patch. Go on and put in the work around for the moment and then undo it when the patch is available.
About the Author:
John is a staff writer for SecurityProNews covering cyber security.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
