World+dog scrambles to fight Windows flaw

By John Leyden → More by this author

3 Jan 2006 14:08

Protect and survive

Microsoft rushed out a temporary fix on Monday to defend against a dangerous new Windows Meta File vulnerability that became the focus of numerous exploits late last week. Redmond's workaround disables some functions in Windows and is only partially effective. Fortunately, there is an alternative. Security researchers at the SANS Institute advise users to both unregister affected library (DLL files) and to use an unofficial patch, as explained here.

The WMF vulnerability exists in computers running Microsoft Windows XP (SP1 and SP2) and Microsoft Windows Server 2003 and stems from a flaw in a utility used to view picture and fax files. The security flaw might be exploited by inducing victims to view maliciously constructed sites, particularly where IE is used as a browser, or when previewing *.wmf format files with Windows Explorer. Hackers have created a range of Trojan programs which exploit the flaw. Microsoft said it plans to release a patch against the security hole on 10 January as part of its regular "Patch Tuesday" monthly update cycle. ®

Track this type of story as a custom Atom/RSS feed or by email.

MS releases emergency IE fix (27 September 2006)
MS mulls emergency IE fix (26 September 2006)
Unofficial IE patch saves humanity (25 September 2006)
MySpace adware attack hits hard (21 July 2006)
Hackers use BBC story to bait IE exploit (31 March 2006)
eEye issues workaround against unpatched IE flaw (28 March 2006)
MS issues Office überpatch (15 March 2006)
UK.gov repels zero day WMF attack (24 January 2006)
Windows support program bent to fit (12 January 2006)
Microsoft backtracks on WMF patch (6 January 2006)
Windows beats Linux - Unix on vulnerabilities - CERT (5 January 2006)
Windows users waiting for serious fix (3 January 2006)
Trojan alert over unpatched Windows flaw (29 December 2005)
MS releases IE überpatch (14 December 2005)
Trojan exploits unpatched IE flaw (1 December 2005)
Critical MS patch fixes graphics bugs (9 November 2005)
Exploit for unpatched IE vuln fuels hacker fears (19 August 2005)
Firefox exploit targets zero day vulns (9 May 2005)

Top 20 stories All The Week’s Headlines

Whitepapers
Managing the Performance and Availability of .NET Applications The Complementarity of Next Generation Networks and Virtualization Projects Getting The Package Right The Path to Enterprise Desktops: From Personal Computers to Personalized Computing

Breaking Hardware News

Intel ordered to dish documents on deleted antitrust lawsuit e-mails

AMD vs Intel Internal interviews must be disclosed to AMD

Intel has been ordered to hand over secret employee interviews from an internal investigation looking into documents and e-mails that went missing during its antitrust trial with AMD.

Get the ChannelReg newsletters

Related Whitepapers

Webcast : Why Today's Spam Filters Fail
Watch on-line now
Average CPU Power (ACP)
The Truth About Power Consumption Starts Here
The new way to defeat Spam
Increasing productivity with Abaca
Alternate Client Architectures
An overview of alternative architectures to deliver applications to the desktop
Podcast : Why Today's Spam Filters Fail
Listen or download now
Live Migration with AMD-V™ Extended Migration Technology
Live migration functionality works seamlessly across a broad range of AMD64 processors

Top Stories