Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 09, 2016, 07:29:33 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: OFFICIAL WINDOWS UPDATE for Windows Vulnerability - READ IN  (Read 7227 times)

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,421
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
OFFICIAL WINDOWS UPDATE for Windows Vulnerability - READ IN
« on: January 02, 2006, 12:05:37 PM »
A fairly serious vulnerability was found in windows recently which is apparently being used in the wild and can infect computer simply by viewing an infected web page, etc.:

http://www.microsoft...lletin/ms06-001.mspx



an extremely well respected programmer (one of the authors of IDA) has written an unofficial fix for this because microsoft is not responding in a timely manner:

http://www.hexblog.c...005/12/wmf_vuln.html

i've read the description and comments and it seems well thought out and safe (and uninstallable).

I have installed this myself.

Seems safe and can be uninstalled if for some reason you have any issues.  just fyi..



A new OFFICIAL patch has been released by microsoft - just run windows update to get it.
Read more here: http://www.microsoft...lletin/ms06-001.mspx

(note: it's not clear yet whether people who installed the unofficial patch need to uninstall that first, but safe bet would be uninstall official from add/remove programs list, then reboot, then run windows update to get official patch).
« Last Edit: January 08, 2006, 07:13:25 AM by mouser »

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,421
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Unofficial fix for recent (and serious) windows vulnerability
« Reply #1 on: January 02, 2006, 12:31:40 PM »
more info on the vulnerability:
http://www.msnbc.msn.com/id/10651414/

brotherS

  • Master of Good Ideas
  • Honorary Member
  • Joined in 2005
  • **
  • Posts: 2,136
    • View Profile
    • Donate to Member
Re: Unofficial fix for recent (and serious) windows vulnerability
« Reply #2 on: January 02, 2006, 12:36:05 PM »
Nasty stuff out there!  :down:

brotherS

  • Master of Good Ideas
  • Honorary Member
  • Joined in 2005
  • **
  • Posts: 2,136
    • View Profile
    • Donate to Member
Re: Unofficial fix for recent (and serious) windows vulnerability
« Reply #3 on: January 02, 2006, 12:38:21 PM »
Hmm... after thinking about that a bit I wonder if Firefox could protect you (again).

The article doesn't even mention Firefox, maybe because it's on MSNBC?

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,421
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Unofficial fix for recent (and serious) windows vulnerability
« Reply #4 on: January 02, 2006, 12:45:19 PM »
i dont think firefox will protect you from this.  more informaiton from antivirus company f-secure:
http://www.f-secure.com/weblog/

Mark0

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 617
    • View Profile
    • Mark's home
    • Donate to Member
Re: Unofficial fix for recent (and serious) windows vulnerability
« Reply #5 on: January 03, 2006, 03:03:28 PM »
I installed the fix from the IDA guy (totally counting on his "fame" :D ) some days ago on various PC, and from my experience it worked and haven't negatively affected nothing. Since Microsoft is taking too much time to patch this (as usual), I think it's highly recommended to apply this patch.

One of the nasty thing with this kind of exploit, is that you don't even need to open/view the file if, for example, you are running Google Desktop. When Google crawler hit the file, it will try to render it himself to get a proper thumbnail!

Bye!

Jibz

  • Developer
  • Joined in 2005
  • ***
  • Posts: 1,128
    • View Profile
    • Donate to Member
Re: Unofficial fix for recent (and serious) windows vulnerability
« Reply #6 on: January 03, 2006, 05:06:32 PM »
Seems hexblog.com has been suspended - probably too much trafic.

Any (trustworthy) alternative download sites?

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,421
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: Unofficial fix for recent (and serious) windows vulnerability
« Reply #7 on: January 03, 2006, 05:10:32 PM »

Mark0

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 617
    • View Profile
    • Mark's home
    • Donate to Member
Re: Unofficial fix for recent (and serious) windows vulnerability
« Reply #8 on: January 03, 2006, 05:16:46 PM »
Any (trustworthy) alternative download sites?
No that I like too much Steve Gibson site, but his mirror come handy! :)
http://www.grc.com/sn/notes-020.htm

Bye!

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,421
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: NEW OFFICIAL FIX - Recent (and serious) Windows Vulnerability - READ IN
« Reply #9 on: January 05, 2006, 02:48:25 PM »
original post updated with info about new official patch.

tinyvillager

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 444
    • View Profile
    • Donate to Member
Re: OFFICIAL WINDOWS UPDATE for Windows Vulnerability - READ IN
« Reply #10 on: January 10, 2006, 01:36:42 PM »
Source:http://news.com.com/More+WMF+problems+for+Microsoft/2100-1002_3-6024931.html?part=rss&tag=6024931&subj=news


You still have to be careful...

Just days after Microsoft rushed out a patch to fix a critical Windows flaw related to the processing of Windows Meta File images, two more problems with the component were flagged.


Source:http://secunia.com/advisories/18364/

Avaya Products Microsoft Windows WMF "SETABORTPROC" Vulnerability

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,421
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: OFFICIAL WINDOWS UPDATE for Windows Vulnerability - READ IN
« Reply #11 on: January 13, 2006, 12:27:30 PM »
ok this is fascinating:
listen to the mp3 or read the transcript of this new discussion that the vulnerability could have been a planted backdoor:

http://www.grc.com/securitynow.htm
(direct link to mp3 -> http://media.grc.com/sn/SN-022.mp3)

note: we've been discussing grc and steve gibson here in another thread, so take this with a real grain of salt; but expect there to be a lot of controversy over this.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,421
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,029
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: OFFICIAL WINDOWS UPDATE for Windows Vulnerability - READ IN
« Reply #13 on: January 14, 2006, 01:50:09 PM »
Mr. Gibson is such a sensationalist. I'm reading the transcript of the MP3, and all I see is "LOOK AT ME LOOK AT ME". And it sounds like he, as usual, isn't really understanding what's going on - *sigh*
- carpe noctem

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,421
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: OFFICIAL WINDOWS UPDATE for Windows Vulnerability - READ IN
« Reply #14 on: January 14, 2006, 01:56:55 PM »
it will be extremely interesting to hear the next episode of the mp3 show.
fodder you should listen to it on mp3 - it's clear that his cohost realizes the gravity of what he's accusing microsoft of doing and keeps offering him the opportunity to back down but he never does.. you have to give him some credit for sticking his neck out so far on something that's going to get a lot of push back.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,029
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: OFFICIAL WINDOWS UPDATE for Windows Vulnerability - READ IN
« Reply #15 on: January 15, 2006, 11:07:25 AM »
I read the transcript, and this "keeps offering him the opportunity to back down" looks more like something to cover their asses. It seems like Gibson hasn't analysed the flaw (ie, proper reverse engineering) but rather just fiddled with .WMF files until he produced one that worked, and then jumps to conclusions that 1 is a "magic backdoor value", while it sounds more like a buffer overflow to me. I haven't done RE of it either, but I'd rather opt for something that sounds plausible instead of brewing up conspiracy theories.

Quote
you have to give him some credit for sticking his neck out so far on something that's going to get a lot of push back.
Not really. Sticking out his neck this way gives him publicity, and that's what he wants.
- carpe noctem

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,421
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: OFFICIAL WINDOWS UPDATE for Windows Vulnerability - READ IN
« Reply #16 on: January 16, 2006, 10:08:09 AM »
long slashdot discussion of the issue:
http://it.slashdot.o.../01/16/0615247.shtml

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,029
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: OFFICIAL WINDOWS UPDATE for Windows Vulnerability - READ IN
« Reply #17 on: January 16, 2006, 10:31:13 AM »
Heh, even the /. zealots say that Gibson is a crackpot ^_^
- carpe noctem

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,029
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: OFFICIAL WINDOWS UPDATE for Windows Vulnerability - READ IN
« Reply #18 on: January 19, 2006, 09:27:12 AM »
...so much for Gibson's "magic value" theories - here's a guy that KNOWS how to reverse engineer, and has actually done it: http://www.sysinternals.com/Blog/
- carpe noctem

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 36,421
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: OFFICIAL WINDOWS UPDATE for Windows Vulnerability - READ IN
« Reply #19 on: January 19, 2006, 12:38:52 PM »
fodder's link, to Mark Russinovich's blog entry about the wmf vulnerability, will no doubt be the definitive word on the subject.

His conclusion:
Quote
"The bottom line is that I'm convinced that this behavior, while intentional, is not a secret backdoor."

looks like steve gibson is going to be eating his words on his next radio show.