attention windows users!
Jan. 2nd, 2006 19:47
the last year ended with a major vulnerability in M$ windows, and the new year starts with snowballing pieces of malware out there exploiting it. if you haven't heard about the "WMF exploit" yet, get yourself to this link and follow the instructions to apply the unofficial patch and deregister shimgvw.dll -- this is really serious, and you won't even be safe if you don't run IE or outlook, which are the usual vectors for such crap. this can hit you through other browsers as well. website for the unofficial patch, which might be more up-to-date than the first link by the time you're reading this. remember that you did this; when M$ comes out with their official patch, you'll want to undo both these changes.
generally it's a good idea to have Windows Data Execution Prevention turned on, which keeps code from executing in memory areas marked as data storage (which is how buffer overflow exploits usually work). in XP SP2 you do that via start -> control panel -> system, tab advanced, performance region settings button, tab data execution prevention, radio button "Turn on DEP for all programs and services except for those I select". you don't have to add anything there unless you're debugging code. reboot after applying changes (one reboot for all 3 actions, the two above and this one, will do :).
So much for hoping MS will release a patch early
on 2006-01-03 19:29 (UTC)
Oxy-morons (NEW)
Published: 2006-01-03,
Last Updated: 2006-01-03 18:17:57 UTC by Tom Liston (Version: 1)
"Although the issue is serious and malicious attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks are not widespread."
- Microsoft Security Advisory (912840)
"...Microsoft's intelligence sources..."?!?
Go ahead and laugh. I'll wait.
Through? O.K.
While all of the rest of us were sleeping, it appears that the propeller-heads working on Billy Wonka's Official Microsoft Research and Development Team have been hard at work creating a crystal ball capable of foretelling the future. The only problem: it appears that they made it from rose-colored crystal.
In their rosy vision of the future, over the next seven days, nothing bad is going to happen. The fact that there are point-n-click toolz to build malicious WMFs chock full o' whatever badness the kiddiez can cook up doesn't exist in that future. The merry, lil' Redmond Oompa Loompas are chanting "Our patch isn't ready / you have to wait / so keep antivirus / up-to-date" which makes perfectly accurate, current AV signatures appear on every Windows computer - even those with no antivirus software.
The future, according to Microsoft, is a wonderful, safe, chocolaty place.
And why not? Everything just seems to work out for them!
Imagine! You have tons and tons of work to do! Even now, the Oompa Loompas are hard at work out in Redmond, simultaneously regression-testing and translating Microsoft's WMF patch into Swahili and Urdu. And, somehow, as if by magic, all of this work will wind down at precisely the right moment so that the WMF patch doesn't have to be released "out of cycle." How convenient! Especially if you're wanting to avoid all of that nasty "Microsoft Releases Emergency Patch" publicity.
And remember, if something bad does happen to you during the next seven days, Billy Wonka and his Magic Metafiles aren't to blame. You are!
"Customers who follow safe browsing best practices are not likely to be compromised by any exploitation of the WMF vulnerability. Users should take care not to visit unfamiliar or un-trusted Web sites that could potentially host the malicious code."
Why are you visiting places on the web you've never been before? Restrict your browsing to safe places, and everything will be just fine. 'Cause no one could ever put a bad graphic file on a place you trust.
Re: So much for hoping MS will release a patch early
on 2006-01-03 21:24 (UTC)