Subject: | |
From: | |
Reply To: | |
Date: | Tue, 3 Jan 2006 12:27:27 -0800 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Dear BP Friends,
I am forwarding this from our University IT System Manager. It is
authentic and seems vital to those for us who use pictures.
cp in bc
in the interest of preservation fro XP'ers
----- Original Message -----
From: "Rick Walker" <[log in to unmask]>
To: <[log in to unmask]>; <[log in to unmask]>; <[log in to unmask]>; <[log in to unmask]>
Sent: Tuesday, January 03, 2006 11:33 AM
Subject: [Staff] WMF Metafile Exploit. A new virus trend is here.
> Happy New Year ...... And another hole in Microsoft Windows XP and it's
> a big one. This one is called "the WMF Flaw" or Windows Metafile
> Exploit.
>
> This is NOT a virus that we can filter out of your email. This exploit
> does open the door on the affected system for auto-installation of some
> nasty viruses. Microsoft has not come up with a fix yet and will not
> until February 14th if they follow their normal release schedule.
>
> We have come up with a temporary "fix" to disable the "Windows Picture
> and Fax Viewer" which contains the flaw. To activate this all you have
> to do its reboot your system.
>
> Implications for us. We will no longer be able to view pictures using
> the default Windows Picture and Fax Viewer. Or if you use the Thumbnail
> view for files in Windows Explorer you will see the file name but not
> the usual small picture.
>
> Firstly - Your picture is still there.
> Secondly - You can still view it but you will have to use a different
> program. eg. MSPaint, MSPhoto Editor.
>
> This is a EXPLOIT not a virus. The Exploit once installed can allow
> viruses to be autoloaded onto your system.
>
> This is a quote from a security site.
> "Windows XP and Server 2003 contain a flaw in the component which
> displays certain image files. This flaw allows software to be installed,
> if any Windows application attempts to open a specially-crafted image
> file. ..... "
>
> "The flaw is classified as "Extremely Critical" by most security
> companies. No action is needed on the part of the user to be infected by
> way of this flaw. Security researchers are dubbing this "the WMF flaw",
> as it affects the Windows Metafile Format rendering engine. No update is
> available at this time to fix the flaw.
>
> Web sites which engage in drive-by installations are going nuts. In
> less than 48 hours after this flaw became public knowledge, thousands of
> web sites are believed to have started using the exploit to install
> spyware. At least one adware program, which pops up advertisements on
> certain partner web sites, is exploiting the WMF flaw to install
> additional software. "
>
> See our site for more informatiuon and for instructions on how to
> protect yourself mat home until Microsoft decides to release a patch.
> http://www.tru.ca/its/bulletins.html
>
> An example of an email trying to use the exploit came through today.
>
> Cheers Rick
>
> **********************************************************************
> R.W. (Rick) Walker tel
> 250-828-5321
> Information and Technology Services
> Informatrion Technology Analyst fax
> 250-828-5328
> Thompson Rivers University (April 2005)
> 900 McGill Road
> Kamloops, BC
> See our WebSite at www.tru.ca
> **********************************************************************
>
--
To terminate puerile preservation prattling among pals and the
uncoffee-ed, or to change your settings, go to:
<http://maelstrom.stjohns.edu/archives/bullamanka-pinheads.html>
|
|
|