Renegade Public Forums
C&C: Renegade --> Dying since 2003™, resurrected in 2024!
Home » General Discussions » General Discussion » Everyone Read - Windows WMF Vulnerability Patch
Everyone Read - Windows WMF Vulnerability Patch [message #184510] Mon, 02 January 2006 14:25 Go to next message
light is currently offline  light
Messages: 988
Registered: January 2005
Karma: 0
Colonel
Last week a vulnerability was found in all versions of windows that allows people to execute arbitrary code using a buffer over-run in Windows Metafiles.

WMF files are images, so can be placed on any website or email and can be used to attack your system.

Please, everyone read: http://grc.com/sn/notes-020.htm
Use this to see if your system is vulnerable: http://www.hexblog.com/2006/01/wmf_vulnerability_checker.htm l
Use this to 3rd party patch to secure it: http://www.hexblog.com/security/files/wmffix_hexblog13.exe

More technical details can be found here: http://www.f-secure.com/weblog/

EDIT:

Due to over-use, the hexblog website has been suspeneded. New Download links hosted on GRC.com

The Checker: http://www.grc.com/miscfiles/wmf_checker_hexblog.exe
and The Patcher: http://www.grc.com/miscfiles/wmffix_hexblog14.exe

EDIT 2:

A revised list of vulnerable OS's. Bascially the two main ones are XP and Server 2003. http://blog.ziffdavis.com/seltzer/archive/2006/01/03/39684.a spx

F-Secure RSS Feed:

Larry Seltzer from eWeek has been doing lots of additional testing against older versions of Windows and bad WMF files.He has just blogged his interesting findings:...in a practical sense, only Windows XP and Windows Server 2003 (in all their service pack levels) are vulnerable to the WMF flaw.
...all versions of Windows back to 3.0 have the vulnerability in GDI32.

Except for Windows XP and Windows Server 2003, no Windows versions, in their default configuration, have a default association for WMF files, and none of their Paint programs or any other standard programs installed with them can read WMF files...So the vulnerability is there on all platforms but it seems that only Windows XP and 2003 are easily exploitable. Unfortunately this still means that majority of Windows computers out there are vulnerable right now. And at least Windows 2000 becomes vulnerable if you're using many of the available third party image handling programs to open image files. On 03/01/06 At 07:29 AMhttp://www.f-secure.com/weblog/#00000764


http://www.azupload.com/displayImage.php/setid2745.png

[Updated on: Wed, 04 January 2006 02:29]

Report message to a moderator

Re: Everyone Read - Windows WMF Vulnerability Patch [message #184511 is a reply to message #184510] Mon, 02 January 2006 14:40 Go to previous messageGo to next message
Aprime
Messages: 900
Registered: July 2005
Location: Gatineau, Canada
Karma: 0
Colonel

It seems that many servers are affected by this, yesterday for instance my antivirus blocked 5 attempts to infect my computer using this method.

FUCK
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184512 is a reply to message #184510] Mon, 02 January 2006 14:47 Go to previous messageGo to next message
light is currently offline  light
Messages: 988
Registered: January 2005
Karma: 0
Colonel
Yeah, there are a lot of people who are trying to use this method to infect computers.

Anything from a website to an email attachment to an MSN link can do it.


http://www.azupload.com/displayImage.php/setid2745.png
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184513 is a reply to message #184510] Mon, 02 January 2006 14:54 Go to previous messageGo to next message
idebo is currently offline  idebo
Messages: 390
Registered: October 2004
Location: Netherlands
Karma: 0
Commander
Thanks for the info. Thumbs Up
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184515 is a reply to message #184510] Mon, 02 January 2006 15:15 Go to previous messageGo to next message
icedog90 is currently offline  icedog90
Messages: 3483
Registered: April 2003
Karma: 0
General (3 Stars)
Thanks, my system turned out to be vulnerable.
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184541 is a reply to message #184510] Mon, 02 January 2006 22:09 Go to previous messageGo to next message
csskiller is currently offline  csskiller
Messages: 522
Registered: April 2004
Karma: 0
Colonel
Thanks, I would have never found out if you hadn't told me. Big Grin

Just when Microsoft was beginning to win back my vote...

Things by Microsoft that I hate:
  • X-Box
  • Windows (to an extent)
  • Microsoft Flight Simulator
  • X-Box 360
  • Halo


When history witnesses a great change, Razgriz reveals itself,
First as a dark demon,
As a demon it uses its power to reign death upon the land;
and then it dies.

However, after a period of slumber, Razgriz returns.
This time as a great hero...
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184542 is a reply to message #184510] Mon, 02 January 2006 23:11 Go to previous messageGo to next message
Lijitsu
Messages: 1575
Registered: April 2005
Location: Georgia, USA
Karma: 0
General (1 Star)

Ooh, nice discovery. I've had the setup at the restart part for the last hour, like an idiot.

Oh, and thank you.


http://img235.imageshack.us/img235/6192/campfiresigred7rb.png
http://img74.imageshack.us/img74/2544/hmminiinferno9sb.jpg
Aircraftkiller wrote on Wed, 31 May 2006 22:30

I've been Nodbuggered. =( =( =(
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184543 is a reply to message #184510] Mon, 02 January 2006 23:13 Go to previous messageGo to next message
xptek is currently offline  xptek
Messages: 1410
Registered: August 2004
Location: USSA
Karma: 0
General (1 Star)
And then FreeBSD was born..

cause = time
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184544 is a reply to message #184510] Tue, 03 January 2006 00:24 Go to previous messageGo to next message
Goztow is currently offline  Goztow
Messages: 9738
Registered: March 2005
Location: Belgium
Karma: 13
General (5 Stars)
Goztoe
Tx for notifying! Winamp r0x0rs Smile.

You can find me in The KOSs2 (TK2) discord while I'm playing. Feel free to come and say hi! TK2 discord
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184552 is a reply to message #184510] Tue, 03 January 2006 06:15 Go to previous messageGo to next message
RTsa is currently offline  RTsa
Messages: 484
Registered: January 2005
Location: Finland
Karma: 0
Commander
Yes, this was actually in the Finnish news yesterday...
I didn't think it was too serious but I did check that my computer is vulnerable to this thing.

I guess I'll install the hotfix, thanks for the links Smile


Re: Everyone Read - Windows WMF Vulnerability Patch [message #184554 is a reply to message #184510] Tue, 03 January 2006 06:25 Go to previous messageGo to next message
The Mad Hatter is currently offline  The Mad Hatter
Messages: 37
Registered: March 2005
Karma: 0
Recruit
Thank you.

So once Microsoft release a fix you should uninstall the patch?


''Ah - there's nothing that makes you feel more alive than killing is there Smithers?''
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184567 is a reply to message #184510] Tue, 03 January 2006 12:03 Go to previous messageGo to next message
Xtrm2Matt is currently offline  Xtrm2Matt
Messages: 1318
Registered: February 2003
Location: England, UK
Karma: 0
General (1 Star)
I don't think you realise how easy it is to infect people with this.

My signature could hold the virus for all you know. Only a decent AV can tell.


http://www.OpticalGaming.com/matt/signature.jpg
http://www.OpticalGaming.com || irc.OpticalGaming.com
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184572 is a reply to message #184541] Tue, 03 January 2006 13:10 Go to previous messageGo to next message
Spice
Messages: 1448
Registered: November 2003
Location: Ohio
Karma: 0
General (1 Star)
Thanks, I just applied the patch.

csskiller wrote on Tue, 03 January 2006 00:09



Just when Microsoft was beginning to win back my vote...

Things by Microsoft that I hate:
  • Halo



Actually, Microsoft didn't make Halo, Bungie developed the game, Microsoft only published it. The game still sucks though.


http://img46.imageshack.us/img46/8027/userbar358428pu3.gif
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184576 is a reply to message #184572] Tue, 03 January 2006 13:23 Go to previous messageGo to next message
Lijitsu
Messages: 1575
Registered: April 2005
Location: Georgia, USA
Karma: 0
General (1 Star)

EXdeath7 wrote on Tue, 03 January 2006 15:10

Thanks, I just applied the patch.

csskiller wrote on Tue, 03 January 2006 00:09



Just when Microsoft was beginning to win back my vote...

Things by Microsoft that I hate:
  • Halo



Actually, Microsoft didn't make Halo, Bungie developed the game, Microsoft only published it. The game still sucks though.

Thank you for standing up for the game, but why do you hate it? I want a real answer, too. I've been getting shit like: "PC 1S B3774R 7H3N X80X!11!!ONE!" Yes, the PC is better than the Xbox, but the Xbox is a console. You can't upgrade a console like you can a PC.


http://img235.imageshack.us/img235/6192/campfiresigred7rb.png
http://img74.imageshack.us/img74/2544/hmminiinferno9sb.jpg
Aircraftkiller wrote on Wed, 31 May 2006 22:30

I've been Nodbuggered. =( =( =(
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184583 is a reply to message #184510] Tue, 03 January 2006 15:00 Go to previous messageGo to next message
Spice
Messages: 1448
Registered: November 2003
Location: Ohio
Karma: 0
General (1 Star)
That... my friend, is a story for another topic.



http://img46.imageshack.us/img46/8027/userbar358428pu3.gif
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184586 is a reply to message #184554] Tue, 03 January 2006 16:29 Go to previous messageGo to next message
light is currently offline  light
Messages: 988
Registered: January 2005
Karma: 0
Colonel
The Mad Hatter wrote on Wed, 04 January 2006 02:25

Thank you.

So once Microsoft release a fix you should uninstall the patch?


Correct. Once Microsoft fix this issue, then you will have no need for this patch. It is a temporary measure.

Edit: Here is an updated list of vulnerable systems. Looks like pepole on 98/2000 are more secure than we thought. The two most vulnerable OS's are XP and Server 2003

It can be hidden in an image, so any image could do it, including Xtrm2Matt's signature.

For the record: Halo kicks ass.


http://www.azupload.com/displayImage.php/setid2745.png

[Updated on: Wed, 04 January 2006 02:27]

Report message to a moderator

Re: Everyone Read - Windows WMF Vulnerability Patch [message #184591 is a reply to message #184510] Tue, 03 January 2006 17:18 Go to previous messageGo to next message
cmatt42 is currently offline  cmatt42
Messages: 2057
Registered: July 2004
Karma: 0
General (2 Stars)
Quote:

Account for domain hexblog.com has been suspended


Re: Everyone Read - Windows WMF Vulnerability Patch [message #184593 is a reply to message #184510] Tue, 03 January 2006 17:42 Go to previous messageGo to next message
csskiller is currently offline  csskiller
Messages: 522
Registered: April 2004
Karma: 0
Colonel
Here are the programs that were on the site.
The first one being the checker and the second one being the patch

And although Halo kicks ass I still don't like it Razz


When history witnesses a great change, Razgriz reveals itself,
First as a dark demon,
As a demon it uses its power to reign death upon the land;
and then it dies.

However, after a period of slumber, Razgriz returns.
This time as a great hero...
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184622 is a reply to message #184510] Tue, 03 January 2006 21:04 Go to previous messageGo to next message
light is currently offline  light
Messages: 988
Registered: January 2005
Karma: 0
Colonel
Ilfak Guilfanov's "HexBlog" web site has been administratively suspended due to excessive use. (Yeah, no kidding!) My recent eMail to Ilfak bounced with an "unknown recipient" error. You may retrieve Ilfak's latest files from the GRC server using the following links:

From: http://grc.com/sn/notes-020.htm

Download links, hosted on GRC.com

http://www.grc.com/miscfiles/wmffix_hexblog14.exe
http://www.grc.com/miscfiles/wmf_checker_hexblog.exe

Thanks csskiller for uploading them here too.


http://www.azupload.com/displayImage.php/setid2745.png
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184747 is a reply to message #184510] Thu, 05 January 2006 03:57 Go to previous messageGo to next message
Xtrm2Matt is currently offline  Xtrm2Matt
Messages: 1318
Registered: February 2003
Location: England, UK
Karma: 0
General (1 Star)
You really shouldn't go and download an exe you know nothing about.

Use built-in Windows features to immune yourself:
Start > run > regsvr32 /u shimgvw.dll

To re-enable the dll, just do:
Start > run > regsvr32 shimgvw.dll

....

A side-effect is that it will disable viewing of thumbnails in Windows image thingy-whatever-ma-jick. Just use another image viewing program to do such a thing.


http://www.OpticalGaming.com/matt/signature.jpg
http://www.OpticalGaming.com || irc.OpticalGaming.com
icon7.gif  Re: Everyone Read - Windows WMF Vulnerability Patch [message #184784 is a reply to message #184510] Thu, 05 January 2006 11:35 Go to previous messageGo to next message
The Mad Hatter is currently offline  The Mad Hatter
Messages: 37
Registered: March 2005
Karma: 0
Recruit
Thanks for the info.

''Ah - there's nothing that makes you feel more alive than killing is there Smithers?''
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184814 is a reply to message #184510] Thu, 05 January 2006 15:31 Go to previous messageGo to next message
Dave Mason is currently offline  Dave Mason
Messages: 2357
Registered: April 2004
Location: Shropshire, England
Karma: 0
General (2 Stars)
http://www.microsoft.com/athome/security/update/bulletins/20 0601_WMF.mspx

www.myspace.com/midas
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184838 is a reply to message #184510] Thu, 05 January 2006 18:11 Go to previous messageGo to next message
light is currently offline  light
Messages: 988
Registered: January 2005
Karma: 0
Colonel
http://grc.com/sn/notes-020.htm << Explains pretty much everything.

The guy who wrote this released his source code too. People have looked over it and said it's fine.

Besides, your taking a bigger risk not patching.


http://www.azupload.com/displayImage.php/setid2745.png
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184846 is a reply to message #184747] Thu, 05 January 2006 19:21 Go to previous messageGo to next message
light is currently offline  light
Messages: 988
Registered: January 2005
Karma: 0
Colonel
Xtrm2Matt wrote on Thu, 05 January 2006 23:57

You really shouldn't go and download an exe you know nothing about.

Use built-in Windows features to immune yourself:
Start > run > regsvr32 /u shimgvw.dll

To re-enable the dll, just do:
Start > run > regsvr32 shimgvw.dll

....

A side-effect is that it will disable viewing of thumbnails in Windows image thingy-whatever-ma-jick. Just use another image viewing program to do such a thing.


Thats not a full fix. It just makes it harder to trigger the vulnerability.

However, I believe MS have released their patch now. (It does exactly them same thing as the 3rd party one)


http://www.azupload.com/displayImage.php/setid2745.png
Re: Everyone Read - Windows WMF Vulnerability Patch [message #184847 is a reply to message #184510] Thu, 05 January 2006 19:29 Go to previous messageGo to previous message
Dave Mason is currently offline  Dave Mason
Messages: 2357
Registered: April 2004
Location: Shropshire, England
Karma: 0
General (2 Stars)
Hence my link.

www.myspace.com/midas
Previous Topic: FUDForum upgrade
Next Topic: OT: Funny commercial
Goto Forum:
  


Current Time: Wed Dec 11 05:51:58 MST 2024

Total time taken to generate the page: 0.01307 seconds