Windows metafile vulnerability

Posted on January 3, 2006

Some “kind” soul apparently thought that us Network Geeks didn’t have anything planned for New Year’s Eve so they released a very VERY nasty little bug to keep us all entertained.

How nasty? How about you could already be infected and not know it.
Normally the protection against these threats is to simply not open email attachments you didn’t expect regardless of who they are from. I’ve received email attachments from MYSELF! The bad guys are crafty little buggers. Unfortunately, this latest threat is even craftier (is that a word? It is now) than that. All you need to do is visit a website that is seeking to infect you and whammo…yer done.

Think of this thing as a mugger except that you never know you were mugged.
It lurks out there and when it attacks you will never know exactly what it has done because that part is incredibly easy to change. It could just make your applications open or close and it could install software that captures every keystroke you make and sends it “home”. So, you get infected and you visit your online banking site…you have just sent your banking site’s username and password to the bad guy and didn’t even know it.

The vulnerability is…guess…A Microsoft problem. **SHOCK**. The problem affects every version of Windows since 1990. Microsoft has said they will release a patch in 7 days. During that time we fully expect this thing to wrap around the world several times resulting in a very VERY bad situation.
Thanks M$. Tom Liston posted this at ISC which sums up my thoughts well.

Thankfully, the geek community has pulled together and come up with a patch that will take care of the problem. Microsoft be damned.

If you are unsure if you are safe from this bug, trust me that you ARE NOT safe from this bug. If you are running a fully patched Windows computer, you are vulnerable and swinging in the breeze. Patch yourself NOW by doing the following:

* Right Click here

* select “save link as” (if you don’t see ‘save link as’ then you aren’t using Firefox. Get it here.)

* select a location to save the file and make note of that location. I recommend “Desktop”.

* Once the file is downloaded, go to your desktop, find the file, and double click it.

* Answer in the affirmative to whatever questions are asked.

This patch has been tested by the best network security engineers in the world. It is the ONLY thing that will protect you from this thing. Since we can’t trust Micro$oft, we have to trust ourselves. Read Tom Liston’s piece on Trustworthy Computing here, it explains why we have to trust this patch.

For the technical folks out there, you can read the following links for a detailed analysis of this monster.

http://isc.sans.org/diary.php?date=2005-12-31

http://www.f-secure.com/weblog/archives/archive-122005.html#00000752 start here and read up to see how my New Year’s Eve was spent for the most part.
😉

Welcome to 2006 folks.

Last modified on January 3, 2006

Categories: InfoSec