Windows SERIOUS Security flaw-- (Link to patch fix )
Security Now | 01-02-05
Posted on 01/02/2006 9:57:45 AM PST by emiller
Quick Background:
The active exploitation of a very serious vulnerability in all versions of Windows was discovered in late December.
Word of this spread rapidly through the hacker community, many of whom were presumably on Holiday vacation from school, bored, and looking for something to do.
So several days later nearly one hundred different instances of exploitation of this newly discovered vulnerability had been found.
Note that this is not a "new vulnerability"; it (and perhaps other similar bugs) has been lying unknown in Windows since 1991. What's "new" is the discovery of this long-present vulnerability in Windows' metafile processing.
Almost immediately there were reports of an MSN Messenger worm, and now F-Secure is reporting that "Happy New Year" SPAM eMail is carrying the exploit.
Anti-Virus vendors quickly updated and began pushing out their A-V signature files. This has been effective, but a new very flexible exploit generation tool has appeared that's able to create so many different variations of the exploit that A-V signatures are being bypassed.
Microsoft responded with an acknowledgement of the problem and a very weak workaround (the shimgvw.dll unregistration). But this is not
(Excerpt) Read more at grc.com ...
TOPICS: Crime/Corruption
KEYWORDS: internetexplorer; malware; patch; spyware; windows
I got this link from Leo Laporte
1 posted on 01/02/2006 9:57:46 AM PST by emiller
To: emiller
Yes, I posted the link on a thread the other day, but good to have it again. Gibson research can be trusted.
But, be SURE to bookmark this website so you can restore this function after Microsoft issues a patch. Otherwise, thumbnails may not work correctly, among other things.
Gibson tells you how to turn it back on when it's been patched.
2 posted on 01/02/2006 10:00:49 AM PST by Cicero (Marcus Tullius)
To: emiller
Why would I want to get a Windows patch from a non-Microsoft site? Sounds really dangerous to me. Could potentially fowl up my system in the long run.
3 posted on 01/02/2006 10:01:20 AM PST by bnelson44 (Proud parent of a tanker! (Charlie Mike, son))
To: emiller
I love my Mac and not needing to worry about viruses like on my pc. Last week I spent forever removing viruses from other people's pcs.
4 posted on 01/02/2006 10:01:21 AM PST by Andy from Beaverton (I only vote Republican to stop the Democrats)
To: Andy from Beaverton
Here's a link to fix Windows' security flaws forever:
AppleStore
5 posted on 01/02/2006 10:04:23 AM PST by SteveMcKing ("No empire collapses because of technical reasons. They collapse because they are unnatural.")
To: bnelson44
Gibson Research is more trustworthy than Microsoft on security issues.
6 posted on 01/02/2006 10:04:35 AM PST by Abcdefg
To: emiller
If you use Outlook - it's best to turn off the "preview" option for your inbox.
Theoretically, the bug can be exploited even if you don't open an email, by way of the preview. (at least that's what Laporte was saying yesterday).
This poster risked running the "hot fix" linked to from Laporte's website (I think that's the one mentioned above) - now hoping that was the right thing to do. :)
To: Abcdefg
But you're talking about a patch to the OS. No one knows the OS as well as MS. Lots of hidden stuff in the OS.
8 posted on 01/02/2006 10:05:55 AM PST by bnelson44 (Proud parent of a tanker! (Charlie Mike, son))
To: emiller
Windows IS a security flaw.
9 posted on 01/02/2006 10:06:25 AM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
To: emiller

I love my Mac(s)!!
10 posted on 01/02/2006 10:06:40 AM PST by big'ol_freeper ("Freedom consists not in doing what we like, but in having the right to do what we ought." Pope JPII)
To: Andy from Beaverton
I like the danger of potentially getting viruses and worms on my PC. There's just no danger or "living on the edge" with a Mac. :)
11 posted on 01/02/2006 10:07:05 AM PST by jdm (QOY "I'd hit it. Then I'd turn it over, praise Allah, and hit it again." Lazamataz on Osama's niece.)
To: emiller
Ubuntu Linux Live CD
Boot Linux from a CD! Doesn't affect your existing OS installation in any way. Great way to check out linux for beginners.
12 posted on 01/02/2006 10:10:33 AM PST by joseph20
To: Andy from Beaverton
Mac? What's a Mac? Hmmmm. Oh! That computer I use to run the Folding project on. Wish it were a bit faster. But I guess that will change with the switch to Intel, eh?
13 posted on 01/02/2006 10:10:39 AM PST by VeniVidiVici (What? Me worry?)
To: bnelson44
Why would I want to get a Windows patch from a non-Microsoft site?
I've never had to use anything from Gibson...but they have gotten good reviews from the two big computer/technology radio shows in Los Angeles over the past 4-5 years.
That's on the KABC (790AM) and the Jeff Levy Show that used to be on KFI (moved to KNX?)...and Gibson wasn't an advertiser as far as I could tell.
14 posted on 01/02/2006 10:10:46 AM PST by VOA
To: joseph20
If you're looking for a good alternative to Windows with a CD/DVD based run-time, my opinion is that Knoppix is the way to go.
To: ShadowAce
Ping! Hit any key to continue.
16 posted on 01/02/2006 10:22:52 AM PST by Still Thinking (Disregard the law of unintended consequences at your own risk.)
To: bnelson44
17 posted on 01/02/2006 10:28:33 AM PST by wildcatf4f3 (the friend of my enemy is my enemy)
To: Still Thinking
Hit any key to continue.
I don't get it - which one is the "any" key ???
18 posted on 01/02/2006 10:31:39 AM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
To: Andy from Beaverton
Folks, don't do that in a forum like this. I am with you on the advantages of a Mac, but that isn't what people are looking for.
I have come on this forum before to get an answer to something, only to have people say "Get a PC", and then things degenerate into a flame war. It doesn't help.
I am a lifelong Apple user, and our comments like that only irritate Windows users. I have had a lot of luck getting friends, family and employees to try out the Mac, and they usually like them. But telling them the solution to their problems is buying a Mac isn't the way to do it.
Granted, the position of Mac users and viruses/spyware/trojans is very favorable, but we need to get the point across in a different way.
(Steps off soapbox)
19 posted on 01/02/2006 10:38:50 AM PST by rlmorel ("Innocence seldom utters outraged shrieks. Guilt does." Whittaker Chambers)
To: free_at_jsl.com; joseph20
Gotta use Windows in my work, but would like to try Linux for everything else. (I used Linux years ago and am told it has improved greatly in terms of usability; it was always rock-solid.)
Is it possible to have two OSs loaded concurrently on the same PC? I'd like to be able to hotkey between the two, without a reboot. It's okay if they "suspend" when not in the foreground. Or could Windows be run as a task within Linux?
To: emiller
Several major security firms have decompiled, vetted, endorsed and provided links to this "unofficial" patch. It is being offered with full disclosure.
To: SteveMcKing
Apple and Macs are great product designs and their OS is good, but what do you do if you use a stock trading program that only works on Windows? I still think Macs are slower than a good PC.
22 posted on 01/02/2006 10:39:21 AM PST by garyhope (Happy, healthy, prosperous New Year to all good Freepers and our brave military.)
To: bnelson44
gibson research is one of the best
23 posted on 01/02/2006 10:39:32 AM PST by staytrue
To: emiller
Several major security firms have decompiled, vetted, endorsed and provided links to this "unofficial" patch. It is being offered with full disclosure.
To: Andy from Beaverton
I love my Mac and not needing to worry about viruses like on my pc. Last week I spent forever removing viruses from other people's pcs.
the problem isn't with PCs the problem is with windows... my linux box is more secure than any mac or windows box.. and btw macs do have plenty of viruses out there.
To: emiller
Bump for later digestion.
26 posted on 01/02/2006 10:42:32 AM PST by Bloody Sam Roberts (Crime cannot be tolerated. Criminals thrive on the indulgences of society's understanding.)
To: SteveMcKing
Here's a link to fix Windows' security flaws forever:
AppleStore
Isn't that a little like a way to stop from being disappointed when your favorite NFL team loses?
ML/NJ
27 posted on 01/02/2006 10:43:14 AM PST by ml/nj
To: emiller
BUMP!
28 posted on 01/02/2006 10:44:49 AM PST by FreeKeys ("Certain kinds of economic controls tend to paralyze the driving forces of a free society."-FA Hayek)
To: RightOnTheLeftCoast
Gotta use Windows in my work, but would like to try Linux for everything else. (I used Linux years ago and am told it has improved greatly in terms of usability; it was always rock-solid.)
Is it possible to have two OSs loaded concurrently on the same PC? I'd like to be able to hotkey between the two, without a reboot. It's okay if they "suspend" when not in the foreground. Or could Windows be run as a task within Linux?
Yes linux has come a long way since the early 90's.. you can dual boot, but it requires a reboot to switch into the other... and yes you can run windows as a process under linux.. VMware will do the trick.. and also winex.
the user interface in the latest versions of gnome or kde looks a lot better than windows (and because of how much customization you can do with gnome/kde, it looks better than a mac), and like always a lot faster and stable than windows... i use gentoo linux, but that's probably too advanced for most users.
To: bnelson44
The solution from GRC is not a patch. It just unregisters (disables) the nonvital program (DLL) that allows the hackers to exploit the Windows flaw.
30 posted on 01/02/2006 10:49:54 AM PST by Abcdefg
To: emiller
To: emiller
Sadly the patch does not cover win98.
32 posted on 01/02/2006 10:56:50 AM PST by Revel
To: bnelson44
I trust Steve Gibson more than I trust Microsoft. I have used his tests, fixes and patches for years.
To: Abcdefg
I think there are two solutions mentioned / linked.
The first is Microsoft's own suggestion - which is to unregister the Dynamic Load Library. The second is actually a program, to install on your machine.
According to Laporte's explanation yesterday - the bug works because the thumbnail display is not a tiny bitmap, it's actually a program, which includes as the "else" if the thumbnail doesn't display properly, the capability to add some code as an error message.
Thing is, the code can be executable. It can be anything.
The installed fix actually removes that "else" logic. At least that's what he was saying.
Interesting note: tried to download the "test" from the security website - firewall blocked it, thinking it was the actual attack.
To: TaxRelief
To: bnelson44
Could potentially fowl up my system...
I guess that your system could get the bird flu.
36 posted on 01/02/2006 11:00:56 AM PST by FreePaul
To: RightOnTheLeftCoast
"Is it possible to have two OSs loaded concurrently on the same PC? I'd like to be able to hotkey between the two, without a reboot. It's okay if they "suspend" when not in the foreground. Or could Windows be run as a task within Linux?"
Check out Xandros.
http://www.xandros.com/
I run a lot of Windoze programs under it. I have it on my laptop and the dual booting went flawlessly. It took about 12 minutes to install it.
37 posted on 01/02/2006 11:01:41 AM PST by taxed2death (A few billion here, a few trillion there...we're all friends right?)
To: Abcdefg
38 posted on 01/02/2006 11:02:01 AM PST by derllak
To: RightOnTheLeftCoast
39 posted on 01/02/2006 11:05:04 AM PST by taxed2death (A few billion here, a few trillion there...we're all friends right?)
To: emiller
OK, sport, I just downloaded the fix and installed it. But I feel like I just opened the back door on my all-in-one footie-jammies...
40 posted on 01/02/2006 11:05:16 AM PST by Snardius (Some women want to walk hand in hand through the park; sing them a song; bite them on the spine...)
To: emiller
Thanks for the link; I'd not heard of Gibson before. Sorry it took all of four posts before the flamebait from Mac users came out.
41 posted on 01/02/2006 11:14:26 AM PST by Turbopilot (Nothing in the above post is or should be construed as legal research, analysis, or advice.)
To: Revel
Sadly the patch does not cover win98.
Check to see if you even have the shimgvw.dll (Windows Picture and Fax Viewer Library) on your system. My two Windows 98 systems do not.
As I suspected, the wmf_checker_hexblog.exe file (which you'll find if you go to the linked article) reported that my Win98 systems are not susceptible to this exploit.
Here's a link to the file:
Download Ilfak's WMF Vulnerability Checker (3.6 kb)
42 posted on 01/02/2006 11:25:07 AM PST by holymoly ("A lot" is TWO words.)
To: Prov3456
43 posted on 01/02/2006 11:40:52 AM PST by Prov3456
To: holymoly
Thank you. The GRC site says that windows 98 is affected. The test says it is not.
44 posted on 01/02/2006 11:54:54 AM PST by Revel
To: Revel
Sadly the patch does not cover win98.
Try here. But be aware that this is not the same as Ilfak's patch. I have not tried it nor read any comments from anyone who has.
45 posted on 01/02/2006 12:05:02 PM PST by derllak
To: emiller
I've seen a bit of posting about this particular windows defect, but one thing I've not really seen pointed out is that sites like FreeRepublic could easily be a vector for this attack. All someone has to do is post a link to an infected image, and *poof* everyone who loads that page gets toasted. If you're running windows, you should be very wary of any site you go to until you are fully patched to guard against this.
46 posted on 01/02/2006 12:09:23 PM PST by zeugma (Warning: Self-referential object does not reference itself.)
To: holymoly
Whatever program views wmf files in win98 may still be vulnerable. It may be that these security companies are just ignoring telling us the details for windows98. Windows 98 is mentioned as being vulnerable in several places. I just can't find any details about it. Here is one link which lists all of the vulnerable operating systems.
http://www.securityfocus.com/bid/16074/info
47 posted on 01/02/2006 12:10:28 PM PST by Revel
To: emiller
No patch for Windows 98, 98 SE or ME.
48 posted on 01/02/2006 12:15:38 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
To: bnelson44
grc.com is a highly recommended site.
49 posted on 01/02/2006 12:28:44 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
To: Abcdefg
"Gibson Research is more trustworthy than Microsoft on security issues."
LOL! I must agree.
50 posted on 01/02/2006 12:30:16 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)