Printable View
As wmf is a very common file used by graphic users I thought it best to advise you of a new security threat using these files.
For info:
http://news.bbc.co.uk/1/hi/technology/4566504.stm
http://www.websensesecuritylabs.com/...hp?AlertID=385
http://www.microsoft.com/technet/sec...ry/912840.mspx
http://secunia.com/advisories/18255/
Egg
Thank you Egg. Nice heads-up, Willy
Thanks, Egg. I had not received an alert for this problem.
Just to be clear, there is no threat "using" these files -- you are not "less secure" when you are exporting or importing WMF images.
Rather, someone with malicious intent can create a corrupted WMF file that (when viewed in Outlook Express, IE, and certain other programs) will open the door to intall trojan software on your computer.
Thus, it's not so much of particular concern to Xara users (just because we may be more likley to use the WMF format), but of equal concern to anyone who uses the Web. (Merely clicking a link to a page which has one of these intentionally mal-formed WMF images could potentially infect your computer.)
Fix out on January 10th. http://www.cbc.ca/cp/business/060103/b010372.html
Read all about it here from one of the best security experts at GRC.COM, plus get the latest patch NOW and listen to the mp3 files for a discussion regarding this issue.
http://www.grc.com/sn/notes-020.htm
Please note that many security experts are recommending waiting for a officially released patch from microsoft. If you use one of the unofficial or third party patches and things get screwed up you'll have some serious regrets!
It has also been suggested that the same hackers who might exploit the vulnerability might also exploit users seeking a patch --- it is likely there will be patches out there that give hackers control of your computer.
Waiting for a official microsoft patch is probably good advice. I also note that I have never seen a webpage that uses wmf content. I suppose for the time being stay away from the kinds of sites generally known to be used by hackers to spread their evil code --- stay away from porn sites, shareware sites, and certainly warez sites.
The experts in the know would not tell you to wait for the MS patch without also telling you to unplug your internet connection until MS releases the patch.
Failure to install this patch will leave you vulnerable to attack especially now that the hackers are aware of it's existence. Waiting as you suggest and surfing the net is *NOT* good advice.
This is a SERIOUS issue not to be taken so lightly.
Again the best first hand source of information on this is in my previous post. Take the time to listen to the discussion on this and get good information first hand from the experts. This is NOT the time to get second or third hand advise from the news writers.
When I installed Xara Xtreme, I had it take over many of the functions for displaying images that were found in the built-in Windows Picture and Fax viewer. (Item which is vulnerable to this exploit.) Does anyone know if simply changing the file assocition for WMF files to Xara's Picture editor is a quick fix for this exploit? My assumption being that Xara would block any nastiness from happening, but then I could be wrong on this point too!
I just did a big presentation at our December user group meeting on Xtreme, and it garnered a lot of interest. Would like to be able to tell them that this is another good reason for using Xara! ;-)
Windows update now has the fix for this issue.
Cheers
Mike R
Here's a direct link to the official microsoft patch.
Additional info, for you listening pleasure, on the current patch and some background details on how all this came about. You'll be surprised to know that this was a WMF "feature" not a bug. Enjoy!
http://media.grc.com/sn/SN-021-lq.mp3
Thanks for the link, Ross, the audio link was very interesting, Ed.