18 replies to this topic

[Donna]

Quote

A flaw in Microsoft's Windows Meta File has spawned dozens of attacks since its discovery last week, security experts warned Tuesday.

The attacks so far have been wide-ranging, the experts said, citing everything from an MSN Messenger worm to spam that attempts to lure people to click on malicious Web sites.

The vulnerability can be easily exploited in Windows XP with Service Pack 1 and 2, as well as Windows Server 2003, security experts said. Older versions of the operating system, including Windows 2000 and Windows ME, are also at risk, though in those cases the flaw is more difficult to exploit, said Mikko Hypponen, chief research officer at F-Secure.

"Right now, the situation is bad, but it could be much worse. The potential for problems is bigger than we have ever seen," Hypponen said. "We estimate 99 percent of computers worldwide are vulnerable to this attack."

More On This

========

Latest from Microsoft:
fix is still being tested and isn't expected to be released until next week

[Jamie Huskisson]

and another bug there and another bug there, another bug gets hacked!

[Donna]

Jay, on Jan 3 2006, 03:32 PM, said:

and another bug there and another bug there, another bug gets hacked!

lol

You should have more control on your bugs Jay, Oh wait UK Bugs are in danger as well, already showed you that.

[Silwolffe]

Oh noes! Thanks for the heads up Donna!

[ktd]

Is it just me or is almost every virus compatible with my computer? For once it's just not me with a big chance of getting a virus!

[syndrome]

I've heard that if you are using IE then the file can just install itself after viewing a page with an infected image, if you are using Firefox then at least you get a dialog box asking if you want ot install the file.

I've also heard that some webmasters have been disabling sig banners on their forums incase on of them is infected.

[codie]

am i glad i sold my PC and got my mac ... no offence to windows users


better go warn my friends and turn off the PC upsatirs its neva used

[Donna]

syndrome, on Jan 4 2006, 02:08 AM, said:

I've heard that if you are using IE then the file can just install itself after viewing a page with an infected image, if you are using Firefox then at least you get a dialog box asking if you want ot install the file.

I've also heard that some webmasters have been disabling sig banners on their forums incase on of them is infected.

I wouldn't be surprised, they are taking this as pretty serious, if you have a forum and allow dymamic sigs I'd suggest disabling them asap.

So just be a little more cautious than normal.

========
codie, Macs are still very vunerable to viruses.

[adam123]

just wait till vista comes and all will be fi...oh wait no it'll be just as bug ridden as XP *cough*linux*cough*

[codie]

Yes i know they are but this attack seems to be only windows based (or is it not)

i absolutly know tht macs get viruses as it has happnd to me once

[l3lueMage]

Or you just get norton, Microsoft Spyware, ZoneAlarm Pro...and you should be safe...Thats what I have......atleast I think Im safe

[Donna]

l3lueMage, on Jan 4 2006, 11:17 AM, said:

Or you just get norton, Microsoft Spyware, ZoneAlarm Pro...and you should be safe...Thats what I have......atleast I think Im safe

No you won't be safe, did you read the entire article?

Take this as very serious and all precautions you can.

[Stu]

by the sound of things it doesnt look like there are any precautions we can take - apart from crossing our fingers

[Donna]

There is one they are kinda recommending

USE AT YOUR OWN RISK

http://www.hexblog.com/

A site hosting unauthorized protection against the Microsoft WMF flaw has been taken offline after being swamped by users trying to protect themselves from a growing list of threats.

Ilfak Guilfanov's personal Web site was switched off by his hosting provider on Wednesday morning after hordes of Microsoft users scrambled to download his unofficial patch against the Windows Meta File vulnerability, according to antivirus company F-Secure.

The site was temporarily closed as "half the planet tried to download WMFFIX_HEXBLOG.EXE." reported F-Secure in its blog.

At the time of writing, the unofficial patch is again available from Guilfanov's site. It's also available from the Sunbelt Blog.

Microsoft has advised businesses not to use the patch, as the company cannot guarantee it will work. But with no official patch due to be released until next week, security experts are urging businesses to use the unofficial patch because of the serious nature of the WMF vulnerability.

News Source

[InFnit]

adam123, on Jan 4 2006, 10:46 AM, said:

just wait till vista comes and all will be fi...oh wait no it'll be just as bug ridden as XP *cough*linux*cough*

I believe Vista is based on the 2003 platform not XP....meaning they would have learned from their mistakes with XP. Plus this time they are being 'transparent' meaning more bugs will be spotted before releasing to the public.

I have nothing to say about this virus except, "How sad"

[Canen Art]

Thank you for the heads up Donna.

Regards,

Jason

[Jaymz]

http://www.pixel2life.com/forums/index.php...topic=17732&hl=

Official Microsoft patch released. Topic closed as this is solved