• This is a stand-to for an incoming competition, one of our most expensive yet.
    Later this week we're going to be offering the opportunity to Win £270 Rab Neutrino Pro military down jacket
    Visit the thread at that link above and Watch it to be notified as soon as the competition goes live

New Windows (XP) Exploit - You ARE vulnerable.

#1
Greetings peeps,

Hot off the press:
A new vulnerability has been discovered in Windows XP.
Details can be found here :-
http://isc.sans.org

This is nasty - a flaw in the WMF graphics file handling that can lead to code being executed on your PC.. there's no patch yet and it's quite likely that your anti-virus vendor doesn't have a fix for it.

The evil thing is that WMF files can be embedded in most types of email message, i.e. it does NOT have to be an attachment. You can get infected just by viewing the graphic in a preview pane.

Web browsers are vulnerable too, including Firefox/Mozilla.

http://www.f-secure.com/weblog/ (has some info)
http://isc.sans.org/ has the latest news (has a more detailed description)

For those of you who just want to be safe :-
The vulnerability seems to be within SHIMGVW.DLL. Unregistering this DLL (type REGSVR32 /U SHIMGVW.DLL at the command prompt or in the "Start->Run" Window, then reboot) will resolve most of the vulnerability, but will also break your Windows "Picture and Fax Viewer", as well as any ability of programs like "Paint" and "Explorer" to display thumbnails of any picture and real (benign) WMF files.
TTFN

BFG
 
#2
switched over to linux :lol:
no pop ups no spam ands free :twisted:
not that i paid for xp anyway :twisted: bwhahahaahaha
 
#6
on a lighter note, thnx for the advice pal. i'll be sure to don tin foil hats and attack cable modem with an axe until a suitable fix has been found.

i'll keep you guys informed!
 
#8
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
It's not rocket science, If you are using your PC as Admin, you deserve waht you get.
 
#9
kill kill the mac luser let the O/S wars begin all hail linux :)
as long as its SUSe the red hat wearing heretics can go to the pit
 
#11
No doubt Mac's are vunerable to attacks as well. Just that at the moment attention is against MSoft. When hackers get bored they will move on to Mac's. Like I give a shiit anyway. Mac's have nice pretty desktop graphics etc, but, bugger all else on them really.
 
#13
Manchester_Rogue said:
ahhhhhhhh!!!! it's a mac user! burn him... burn himmm!!!
And a Medic burnnnnnnnnnnnnnnn :twisted: :twisted: :twisted: :twisted: :twisted: :twisted: :twisted:

Really only joking :D bn
 
#14
Manchester_Rogue said:
i have read the thing over and over, and still don't understand how it can affect ur pc.

can some clever young un spell it out for me in no more than a single sentence?
When you are surfing the internet and you click on a link to a picture with a WMF extention, it may not be a picture at all, but a program which will download a virus to your computer.

If you need antivirus software (make sure yours is updated) have a look at http://free.grisoft.com

Also ensure that you set your windows update to update your PC automatically. Go to Control Panel -> Automatic updates and click on 'Automatic (Recommended)'.

To make sure you have no spyware on your computer, download Adaware from here: http://www.lavasoft.com/software/adaware/

I would also recommend that you download Firefox from http://www.mozilla.com/firefox/

This will at least warn you if you click on a link to a WMF file, unlike Internet Explorer.

msr
 
#15
golddust said:
Mac's have nice pretty desktop graphics etc, but, bugger all else on them really.
Ah, the old ill-informed 'they look nice but you can't get any software' crock. That'll be why they're used throughout the imaging, print and other media industries, then.

You still think the earth is flat, don't you?
 
#16
ViroBono said:
golddust said:
Mac's have nice pretty desktop graphics etc, but, bugger all else on them really.
Ah, the old ill-informed 'they look nice but you can't get any software' crock. That'll be why they're used throughout the imaging, print and other media industries, then.

You still think the earth is flat, don't you?

Yep, thats me!!!!

I use PC at home and Mac's at work (digital studio). My own print company as I recall. Well, it was couple of days before Christmas - guess it still is!!

So, I do know the difference, and what the machines are capable of. We are both right. They are superb at imaging etc, but, piss poor availability for the home PC user.

Happy New Year to all.
 
#17
golddust said:
So, I do know the difference, and what the machines are capable of. We are both right. They are superb at imaging etc, but, urine poor availability for the home PC user.

Happy New Year to all.
What are you talking about? Apart from games, the bulk of people surf the internet (Safari), write email (Mail 1.1) and occasional letters (Pages/ Office)

msr
 
#18
msr said:
golddust said:
So, I do know the difference, and what the machines are capable of. We are both right. They are superb at imaging etc, but, urine poor availability for the home PC user.

Happy New Year to all.
What are you talking about? Apart from games, the bulk of people surf the internet (Safari), write email (Mail 1.1) and occasional letters (Pages/ Office)

msr
Yep, I got that the wrong way round me thinks. The PC is better for the average user. Mac's for Imagimg etc.

Must be all the damn drink misting my final and only brain cell!!!
 
#19
msr said:
Manchester_Rogue said:
i have read the thing over and over, and still don't understand how it can affect ur pc.

can some clever young un spell it out for me in no more than a single sentence?
When you are surfing the internet and you click on a link to a picture with a WMF extention, it may not be a picture at all, but a program which will download a virus to your computer.

If you need antivirus software (make sure yours is updated) have a look at http://free.grisoft.com

Also ensure that you set your windows update to update your PC automatically. Go to Control Panel -> Automatic updates and click on 'Automatic (Recommended)'.

To make sure you have no spyware on your computer, download Adaware from here: http://www.lavasoft.com/software/adaware/

I would also recommend that you download Firefox from http://www.mozilla.com/firefox/

This will at least warn you if you click on a link to a WMF file, unlike Internet Explorer.

msr
wmf file? you mean like a windows media file, i.e. a video? i never click on them anyway, i only surf forums and play games (big kid at heart). does that mean i wont get the virus?
 
#20
I use Macs at Uni, and to tell the truth I prefer them to PC's just because of the asthetics and the fact they don't crash. I also prefer the Macs version of Word and SPSS as I think they're nicer to work on, compared to the windows versions.

However, I think the i-books need to change to the glossy screens - thats the only thing that stoped me from getting one with a replacement laptop voucher I had from an insurance claim.
 

Similar threads

Latest Threads

Top