WMF vulnerability
Last week there was a MAJOR vulnerability discovered in Windows. (It's a huge hole that has always been there and you have to wonder how nobody has found and published it before, but apparently this is the first time it's been publically known and widely-exploited.)
If all is as it's being reported, this thing is BAD. It's very hard to protect against. There aren't major viruses using it yet, but there almost certainly will be soon. Your machine can be compromised and infected by whatever malware uses this exploit just by viewing an image on a website or in an email.
This affects every browser, email client, IM client, etc. on Windows. Mac users are safe.
I just found out about this, and I'm not sure yet what advice to give. Probably you should install Ilfak Guilfanov's patch, which is linked from the pages I link to below. I'm about to try it on my Windows machines.
Update 1/4/2005: After installing the unofficial patch on several of my machines and reading the news for another day, I'm going to go ahead and recommend that you install the unofficial patch.
For more details, see these pages or ask google:
KB 912840 -- Microsoft's security advisory. (Unfortunately, this contains a bunch of misleading comments downplaying the severity of the problem.)
hexblog.com -- Ilfak Guilfanov's site with download links and a FAQ
WMF FAQ on isc.sans.org (Internet Storm Center)
WMF: patches and workarounds explained -- further discussion on what the unofficial patch does to protect you that Microsoft's recommended actions do not do.
Security Now! notes for Episode #20 -- Steve Gibson's notes and links, including Ilfak's patch
Sunbelt BLOG -- extensive coverage from a security vendor
Changelog:
1/4/2005 1411 CST -- Add more links.
1/4/2005 1454 CST -- More links, recommend hexblog patch
If all is as it's being reported, this thing is BAD. It's very hard to protect against. There aren't major viruses using it yet, but there almost certainly will be soon. Your machine can be compromised and infected by whatever malware uses this exploit just by viewing an image on a website or in an email.
This affects every browser, email client, IM client, etc. on Windows. Mac users are safe.
I just found out about this, and I'm not sure yet what advice to give. Probably you should install Ilfak Guilfanov's patch, which is linked from the pages I link to below. I'm about to try it on my Windows machines.
Update 1/4/2005: After installing the unofficial patch on several of my machines and reading the news for another day, I'm going to go ahead and recommend that you install the unofficial patch.
For more details, see these pages or ask google:
KB 912840 -- Microsoft's security advisory. (Unfortunately, this contains a bunch of misleading comments downplaying the severity of the problem.)
hexblog.com -- Ilfak Guilfanov's site with download links and a FAQ
WMF FAQ on isc.sans.org (Internet Storm Center)
WMF: patches and workarounds explained -- further discussion on what the unofficial patch does to protect you that Microsoft's recommended actions do not do.
Security Now! notes for Episode #20 -- Steve Gibson's notes and links, including Ilfak's patch
Sunbelt BLOG -- extensive coverage from a security vendor
Changelog:
1/4/2005 1411 CST -- Add more links.
1/4/2005 1454 CST -- More links, recommend hexblog patch