PDA

View Full Version : Patch Now Available From M/S For WMF Problems

forwardone
01-06-06, 05:52 PM
Microsoft has at last made the fix available for it`s problems with the Windows Metafile (WMF) format.

http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

National Cyber Alert System

Technical Cyber Security Alert TA06-005A


Update for Microsoft Windows Metafile Vulnerability

Original release date: January 5, 2006
Last revised: --
Source: US-CERT


Systems Affected

* Systems running Microsoft Windows


Overview

Microsoft Security Bulletin MS06-001 contains an update to fix a
vulnerability in the way Microsoft Windows handles images in the
Windows Metafile (WMF) format.


I. Description

TA05-362A describes a vulnerability in the way Microsoft Windows
handles Windows Metafile images. This vulnerability could allow a
remote attacker to execute arbitrary code. Microsoft Security Bulletin
MS06-001 contains an update to fix this vulnerability.

The vulnerability is described in further detail in VU#181038.


II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary
code if the user is persuaded to view a specially crafted Windows
Metafile.


III. Solution

Apply a patch from your vendor

Install the appropriate update according to Microsoft Security
Bulletin MS06-001.


Appendix A. References

* Microsoft Security Bulletin MS06-001 -
http://www.microsoft.com/technet/se...n/MS06-001.mspx (http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx)

* US-CERT Vulnerability Note VU#181038 -
http://www.kb.cert.org/vuls/id/181038

* US-CERT Technical Cyber Security Alert TA05-362A -
http://www.us-cert.gov/cas/techalerts/TA05-362A.html
Doro Ajani
01-25-06, 09:32 PM
Here's an online radio show that's podcast that addresses this issue. Each show can be downloaded, and comes with transcripts and program recommendations:

http://www.grc.com/SecurityNow.htm#23

Episode #20 | 29 Dec 2005 | 54 min.
A SERIOUS new Windows vulnerability — and Listener Q&A

On December 28th a serious new Windows vulnerability has appeared and been immediately exploited by a growing number of malicious web sites to install malware. Many worse viruses and worms are expected soon. We start off discussing this and our show notes provides a quick necesary workaround until Microsoft provides a patch. Then we spend the next 45 minutes answering and discussing interesting listener questions.

Episode #21 | 05 Jan 2006 | 27 min.
The Windows MetaFile (WMF) Vulnerability

Leo and I discuss everything known about the first serious Windows security exploits of the New Year, caused by the Windows MetaFile (WMF) vulnerability. In our show's first guest appearance, we are joined by Ilfak Guilfanov, the developer of the wildly popular -- and very necessary -- temporary patch that was used by millions of users to secure Windows systems while the world waited for Microsoft to respond.

Episode #22 | 12 Jan 2006 | 39 min.
The Windows MetaFile Backdoor?

Leo and I carefully examine the operation of the recently patched Windows MetaFile vulnerability. I describe exactly how it works in an effort to explain why it doesn't have the feeling of another Microsoft "coding error". It has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution "backdoor". We will likely never know if this was the case, but the forensic evidence appears to be quite compelling.

Episode #23 | 19 Jan 2006 | 29 min.
GRC's "MouseTrap"

Leo and I "close the backdoor" on the controversial Windows WMF Metafile image code execution (MICE) vulnerability. We discuss everything that's known about it, separate the facts from the spin, explain exactly which Windows versions are vulnerable and why, and introduce a new piece of GRC freeware: MouseTrap which determines whether any Windows or Linux/WINE system has 'MICE'.