Public service announcement:
1)
Microsoft Security Advisory (912840)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.
Published: December 28, 2005 | Updated: December 30, 2005
Microsoft is investigating new public reports of a vulnerability in Windows. Microsoft is also aware of the public release of detailed exploit code that could be used to exploit this vulnerability. Based on our investigation, this exploit code could allow an attacker to execute arbitrary code on the user's system by hosting a specially crafted Windows Metafile (WMF) image on a malicious Web site. Microsoft is aware that this vulnerability is being actively exploited.
microsoft.com
2)
Unofficial Patch for Windows Flaw
Security experts are urging Windows users to apply a non-Microsoft-issued software patch to fix an extremely dangerous bug that has exposed hundreds of millions of the operating system's users to spyware and viruses.
The patch was developed by computer programmer Ilfak Guilfanov, perhaps best known in security circles as the creator of the open source IDA Pro disassembly tool used to design and deconstruct software and even malware.
blogs.washingtonpost.com
3)
From Ilfak Guilfanov's Hexblog.com >>>>>>>
hexblog.com
Windows WMF Metafile Vulnerability HotFix
This week a new vulnerability was found in Windows.
Browsing the web is not safe anymore, regardless of the browser. Microsoft will certainly come up with a thouroughly tested fix for it in the future, but meanwhile I developed a temporary fix - I badly needed it.
The fix does not remove any functionality from the system, all pictures will continue to be visible. You can download it here:
hexblog.com
It should work for Windows 2000, XP 32-bit, XP 64-bit, and Windows Server 2003.
Technical details: this is a DLL which gets injected to all processes loading user32.dll.
It patches the Escape() function in gdi32.dll. The result of the patch is that the SETABORT escape sequence is not accepted anymore.
I can imagine situations when this sequence is useful. My patch completely disables this escape sequence, so please be careful. However, with the fix installed, I can browse files, print them and do other things.
If for some reason the patch does not work for you, please uninstall it. It will be in the list of installed programs as "Windows WMF Metafile Vulnerability HotFix". I'd like to know what programs are crippled by the fix, please tell me.
I recommend you to uninstall this fix and use the official patch from Microsoft as soon as it is available.
Other info:
dailykos.com |
