Free Republic
Browse · Search
News/Activism
Topics · Post Article


Windows SERIOUS Security flaw-- (Link to patch fix )
Security Now ^ | 01-02-05

Posted on 01/02/2006 9:57:45 AM PST by emiller

Quick Background:

The active exploitation of a very serious vulnerability in all versions of Windows was discovered in late December.

Word of this spread rapidly through the hacker community — many of whom were presumably on Holiday vacation from school, bored, and looking for something to do.

So several days later nearly one hundred different instances of exploitation of this newly discovered vulnerability had been found.

Note that this is not a "new vulnerability" — it (and perhaps other similar bugs) has been lying unknown in Windows since 1991. What's "new" is the discovery of this long-present vulnerability in Windows' metafile processing.

Almost immediately there were reports of an MSN Messenger worm, and now F-Secure is reporting that "Happy New Year" SPAM eMail is carrying the exploit.

Anti-Virus vendors quickly updated and began pushing out their A-V signature files. This has been effective, but a new very flexible exploit generation tool has appeared that's able to create so many different variations of the exploit that A-V signatures are being bypassed.

Microsoft responded with an acknowledgement of the problem and a very weak workaround (the shimgvw.dll unregistration). But this is not

(Excerpt) Read more at grc.com ...


TOPICS: Crime/Corruption
KEYWORDS: internetexplorer; malware; patch; spyware; windows
I got this link from Leo Laporte
1 posted on 01/02/2006 9:57:46 AM PST by emiller
[ Post Reply | Private Reply | View Replies]

To: emiller

Yes, I posted the link on a thread the other day, but good to have it again. Gibson research can be trusted.

But, be SURE to bookmark this website so you can restore this function after Microsoft issues a patch. Otherwise, thumbnails may not work correctly, among other things.

Gibson tells you how to turn it back on when it's been patched.


2 posted on 01/02/2006 10:00:49 AM PST by Cicero (Marcus Tullius)
[ Post Reply | Private Reply | To 1 | View Replies]

To: emiller
Why would I want to get a Windows patch from a non-Microsoft site? Sounds really dangerous to me. Could potentially fowl up my system in the long run.
3 posted on 01/02/2006 10:01:20 AM PST by bnelson44 (Proud parent of a tanker! (Charlie Mike, son))
[ Post Reply | Private Reply | To 1 | View Replies]

To: emiller
I love my Mac and not needing to worry about viruses like on my pc. Last week I spent forever removing viruses from other people's pcs.
4 posted on 01/02/2006 10:01:21 AM PST by Andy from Beaverton (I only vote Republican to stop the Democrats)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Andy from Beaverton
Here's a link to fix Windows' security flaws forever:

AppleStore

5 posted on 01/02/2006 10:04:23 AM PST by SteveMcKing ("No empire collapses because of technical reasons. They collapse because they are unnatural.")
[ Post Reply | Private Reply | To 4 | View Replies]

To: bnelson44

Gibson Research is more trustworthy than Microsoft on security issues.


6 posted on 01/02/2006 10:04:35 AM PST by Abcdefg
[ Post Reply | Private Reply | To 3 | View Replies]

To: emiller

If you use Outlook - it's best to turn off the "preview" option for your inbox.

Theoretically, the bug can be exploited even if you don't open an email, by way of the preview. (at least that's what Laporte was saying yesterday).

This poster risked running the "hot fix" linked to from Laporte's website (I think that's the one mentioned above) - now hoping that was the right thing to do. :)


7 posted on 01/02/2006 10:05:35 AM PST by Cringing Negativism Network
[ Post Reply | Private Reply | To 1 | View Replies]

To: Abcdefg

But you're talking about a patch to the OS. No one knows the OS as well as MS. Lots of hidden stuff in the OS.


8 posted on 01/02/2006 10:05:55 AM PST by bnelson44 (Proud parent of a tanker! (Charlie Mike, son))
[ Post Reply | Private Reply | To 6 | View Replies]

To: emiller

Windows IS a security flaw.


9 posted on 01/02/2006 10:06:25 AM PST by Spktyr (Overwhelmingly superior firepower and the willingness to use it is the only proven peace solution.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: emiller

I love my Mac(s)!!

10 posted on 01/02/2006 10:06:40 AM PST by big'ol_freeper ("Freedom consists not in doing what we like, but in having the right to do what we ought." Pope JPII)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Andy from Beaverton
I like the danger of potentially getting viruses and worms on my PC. There's just no danger or "living on the edge" with a Mac. :)
11 posted on 01/02/2006 10:07:05 AM PST by jdm (QOY "I'd hit it. Then I'd turn it over, praise Allah, and hit it again." Lazamataz on Osama's niece.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: emiller
Ubuntu Linux Live CD

Boot Linux from a CD! Doesn't affect your existing OS installation in any way. Great way to check out linux for beginners.
12 posted on 01/02/2006 10:10:33 AM PST by joseph20
[ Post Reply | Private Reply | To 1 | View Replies]

To: Andy from Beaverton

Mac? What's a Mac? Hmmmm. Oh! That computer I use to run the Folding project on. Wish it were a bit faster. But I guess that will change with the switch to Intel, eh?


13 posted on 01/02/2006 10:10:39 AM PST by VeniVidiVici (What? Me worry?)
[ Post Reply | Private Reply | To 4 | View Replies]

To: bnelson44
Why would I want to get a Windows patch from a non-Microsoft site?

I've never had to use anything from Gibson...but they have gotten good
reviews from the two big computer/technology radio shows in Los Angeles
over the past 4-5 years.
That's on the KABC (790AM) and the Jeff Levy Show that used to be
on KFI (moved to KNX?)...and Gibson wasn't an advertiser as far
as I could tell.
14 posted on 01/02/2006 10:10:46 AM PST by VOA
[ Post Reply | Private Reply | To 3 | View Replies]

To: joseph20
If you're looking for a good alternative to Windows with a CD/DVD based run-time, my opinion is that Knoppix is the way to go.
15 posted on 01/02/2006 10:19:03 AM PST by free_at_jsl.com
[ Post Reply | Private Reply | To 12 | View Replies]

To: ShadowAce

Ping! Hit any key to continue.


16 posted on 01/02/2006 10:22:52 AM PST by Still Thinking (Disregard the law of unintended consequences at your own risk.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: bnelson44

disabled, thanks


17 posted on 01/02/2006 10:28:33 AM PST by wildcatf4f3 (the friend of my enemy is my enemy)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Still Thinking
Hit any key to continue.

I don't get it - which one is the "any" key ???

18 posted on 01/02/2006 10:31:39 AM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Andy from Beaverton

Folks, don't do that in a forum like this. I am with you on the advantages of a Mac, but that isn't what people are looking for.

I have come on this forum before to get an answer to something, only to have people say "Get a PC", and then things degenerate into a flame war. It doesn't help.

I am a lifelong Apple user, and our comments like that only irritate Windows users. I have had a lot of luck getting friends, family and employees to try out the Mac, and they usually like them. But telling them the solution to their problems is buying a Mac isn't the way to do it.

Granted, the position of Mac users and viruses/spyware/trojans is very favorable, but we need to get the point across in a different way.

(Steps off soapbox)


19 posted on 01/02/2006 10:38:50 AM PST by rlmorel ("Innocence seldom utters outraged shrieks. Guilt does." Whittaker Chambers)
[ Post Reply | Private Reply | To 4 | View Replies]

To: free_at_jsl.com; joseph20

Gotta use Windows in my work, but would like to try Linux for everything else. (I used Linux years ago and am told it has improved greatly in terms of usability; it was always rock-solid.)

Is it possible to have two OSs loaded concurrently on the same PC? I'd like to be able to hotkey between the two, without a reboot. It's okay if they "suspend" when not in the foreground. Or could Windows be run as a task within Linux?


20 posted on 01/02/2006 10:39:00 AM PST by RightOnTheLeftCoast (You're it)
[ Post Reply | Private Reply | To 15 | View Replies]

To: emiller

Several major security firms have decompiled, vetted, endorsed and provided links to this "unofficial" patch. It is being offered with full disclosure.


21 posted on 01/02/2006 10:39:05 AM PST by Company Man
[ Post Reply | Private Reply | To 1 | View Replies]

To: SteveMcKing

Apple and Macs are great product designs and their OS is good, but what do you do if you use a stock trading program that only works on Windows? I still think Macs are slower than a good PC.


22 posted on 01/02/2006 10:39:21 AM PST by garyhope (Happy, healthy, prosperous New Year to all good Freepers and our brave military.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: bnelson44

Gibson Research is one of the best.


23 posted on 01/02/2006 10:39:32 AM PST by staytrue
[ Post Reply | Private Reply | To 3 | View Replies]

To: emiller

Several major security firms have decompiled, vetted, endorsed and provided links to this "unofficial" patch. It is being offered with full disclosure.


24 posted on 01/02/2006 10:39:43 AM PST by Company Man
[ Post Reply | Private Reply | To 1 | View Replies]

To: Andy from Beaverton
I love my Mac and not needing to worry about viruses like on my pc. Last week I spent forever removing viruses from other people's pcs.


The problem isn't with PCs, the problem is with Windows... my Linux box is more secure than any Mac or Windows box.. and btw Macs do have plenty of viruses out there.
25 posted on 01/02/2006 10:41:58 AM PST by Element187
[ Post Reply | Private Reply | To 4 | View Replies]

To: emiller

Bump for later digestion.


26 posted on 01/02/2006 10:42:32 AM PST by Bloody Sam Roberts (Crime cannot be tolerated. Criminals thrive on the indulgences of society's understanding.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: SteveMcKing
Here's a link to fix Windows' security flaws forever:
AppleStore

Isn't that a little like a way to stop from being disappointed when your favorite NFL team loses?

ML/NJ

27 posted on 01/02/2006 10:43:14 AM PST by ml/nj
[ Post Reply | Private Reply | To 5 | View Replies]

To: emiller
BUMP!
28 posted on 01/02/2006 10:44:49 AM PST by FreeKeys ("Certain kinds of economic controls tend to paralyze the driving forces of a free society."-FA Hayek)
[ Post Reply | Private Reply | To 1 | View Replies]

To: RightOnTheLeftCoast
Gotta use Windows in my work, but would like to try Linux for everything else. (I used Linux years ago and am told it has improved greatly in terms of usability; it was always rock-solid.)

Is it possible to have two OSs loaded concurrently on the same PC? I'd like to be able to hotkey between the two, without a reboot. It's okay if they "suspend" when not in the foreground. Or could Windows be run as a task within Linux?



Yes, Linux has come a long way since the early 90's.. you can dual boot, but it requires a reboot to switch into the other... and yes, you can run Windows as a process under Linux.. VMware will do the trick.. and also winex.

The user interface in the latest versions of gnome or kde looks a lot better than Windows (and because of how much customization you can do with gnome/kde, it looks better than a Mac), and like always a lot faster and more stable than Windows... I use gentoo linux, but that's probably too advanced for most users.
29 posted on 01/02/2006 10:47:49 AM PST by Element187
[ Post Reply | Private Reply | To 20 | View Replies]

To: bnelson44

The solution from GRC is not a patch. It just unregisters (disables) the nonvital program (DLL) that allows the hackers to exploit the Windows flaw.


30 posted on 01/02/2006 10:49:54 AM PST by Abcdefg
[ Post Reply | Private Reply | To 8 | View Replies]

To: emiller

save for later reading


31 posted on 01/02/2006 10:52:56 AM PST by A knight without armor
[ Post Reply | Private Reply | To 1 | View Replies]

To: emiller

Sadly the patch does not cover win98.


32 posted on 01/02/2006 10:56:50 AM PST by Revel
[ Post Reply | Private Reply | To 1 | View Replies]

To: bnelson44

I trust Steve Gibson more than I trust Microsoft. I have used his tests, fixes and patches for years.


33 posted on 01/02/2006 10:57:38 AM PST by TaxRelief
[ Post Reply | Private Reply | To 3 | View Replies]

To: Abcdefg

I think there are two solutions mentioned / linked.

The first is Microsoft's own suggestion - which is to unregister the Dynamic Load Library. The second is actually a program, to install on your machine.

According to Laporte's explanation yesterday - the bug works because the thumbnail display is not a tiny bitmap, it's actually a program, which includes as the "else" if the thumbnail doesn't display properly, the capability to add some code as an error message.

Thing is, the code can be executable. It can be anything.

The installed fix actually removes that "else" logic. At least that's what he was saying.

Interesting note: tried to download the "test" from the security website - firewall blocked it, thinking it was the actual attack.


34 posted on 01/02/2006 10:59:23 AM PST by Cringing Negativism Network
[ Post Reply | Private Reply | To 30 | View Replies]
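
Added example, not part of the thread or of any poster's code: the mechanism relayed in post 34 corresponds to a metafile Escape record that requests the SETABORTPROC function, so a mail or web gateway can flag such files by walking the record list without ever rendering them. The record codes come from the public WMF format rather than from this page; `scan_wmf`, the helper names and the sample bytes are constructed for illustration.

```python
import struct

PLACEABLE_KEY = 0x9AC6CDD7  # magic of the optional 22-byte placeable preamble
META_EOF = 0x0000           # terminating record
META_ESCAPE = 0x0626        # "Escape" record function code
SETABORTPROC = 0x0009       # escape function that registers a callback
MALFORMED = "malformed or truncated record"

def scan_wmf(data: bytes):
    """Return [(byte_offset, reason)] for records worth blocking or reviewing.

    Raises ValueError when the buffer does not start with a WMF header.
    """
    off = 0
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == PLACEABLE_KEY:
        off = 22
    if len(data) < off + 18:
        raise ValueError("too short for a WMF header")
    file_type, header_words = struct.unpack_from("<HH", data, off)
    if file_type not in (1, 2) or header_words != 9:
        raise ValueError("not a WMF header")
    off += 18
    findings = []
    while off + 6 <= len(data):
        # Every record: 32-bit size in 16-bit words, then 16-bit function code.
        size_words, func = struct.unpack_from("<IH", data, off)
        end = off + size_words * 2
        if size_words < 3 or end > len(data):
            break
        if func == META_EOF:
            return findings
        if func == META_ESCAPE and size_words >= 4:
            (escape_fn,) = struct.unpack_from("<H", data, off + 6)
            if escape_fn == SETABORTPROC:
                findings.append((off, "SETABORTPROC escape"))
        off = end
    # Fell off the end without META_EOF, or hit an impossible record size.
    findings.append((off, MALFORMED))
    return findings

def _record(func, params=b""):
    return struct.pack("<IH", 3 + len(params) // 2, func) + params

def _wmf(*records):
    body = b"".join(records) + _record(META_EOF)
    longest = max(len(r) for r in records + (_record(META_EOF),)) // 2
    header = struct.pack("<HHHIHIH", 1, 9, 0x0300, 9 + len(body) // 2, 0, longest, 0)
    return header + body

# Constructed samples: no image content and no escape payload bytes.
SET_MAP_MODE = _record(0x0103, struct.pack("<H", 8))
CLEAN = _wmf(SET_MAP_MODE)
FLAGGED = _wmf(SET_MAP_MODE, _record(META_ESCAPE, struct.pack("<HH", SETABORTPROC, 0)))

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("flagged", FLAGGED)):
        print(name, scan_wmf(sample))
```

Because the check looks at record structure rather than payload bytes, it does not depend on matching any particular variant of the exploit.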

To: TaxRelief

Details on Steve Gibson:

http://www.grc.com/privacy.htm


35 posted on 01/02/2006 10:59:57 AM PST by TaxRelief
[ Post Reply | Private Reply | To 33 | View Replies]

To: bnelson44
Could potentially fowl up my system...

I guess that your system could get the bird flu.

36 posted on 01/02/2006 11:00:56 AM PST by FreePaul
[ Post Reply | Private Reply | To 3 | View Replies]

To: RightOnTheLeftCoast

"Is it possible to have two OSs loaded concurrently on the same PC? I'd like to be able to hotkey between the two, without a reboot. It's okay if they "suspend" when not in the foreground. Or could Windows be run as a task within Linux?"

Check out Xandros.

http://www.xandros.com/

I run a lot of Windoze programs under it. I have it on my laptop and the dual booting went flawlessly. It took about 12 minutes to install it.


37 posted on 01/02/2006 11:01:41 AM PST by taxed2death (A few billion here, a few trillion there...we're all friends right?)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Abcdefg
The other thread contains a link to real patch.
38 posted on 01/02/2006 11:02:01 AM PST by derllak
[ Post Reply | Private Reply | To 30 | View Replies]

To: RightOnTheLeftCoast

Here is the actual product that I purchased.


http://www.xandros.com/products/home/desktopdlx/dsk_dlx_intro.html


39 posted on 01/02/2006 11:05:04 AM PST by taxed2death (A few billion here, a few trillion there...we're all friends right?)
[ Post Reply | Private Reply | To 20 | View Replies]

To: emiller

OK, sport, I just downloaded the fix and installed it. But I feel like I just opened the back door on my all-in-one footie-jammies...


40 posted on 01/02/2006 11:05:16 AM PST by Snardius (Some women want to walk hand in hand through the park; sing them a song; bite them on the spine...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: emiller

Thanks for the link; I'd not heard of Gibson before. Sorry it took all of four posts before the flamebait from Mac users came out.


41 posted on 01/02/2006 11:14:26 AM PST by Turbopilot (Nothing in the above post is or should be construed as legal research, analysis, or advice.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Revel
Sadly the patch does not cover win98.

Check to see if you even have the shimgvw.dll (Windows Picture and Fax Viewer Library) on your system. My two Windows 98 systems do not.

As I suspected, the wmf_checker_hexblog.exe file (which you'll find if you go to the linked article) reported that my Win98 systems are not susceptible to this exploit.

Here's a link to the file:
Download Ilfak's WMF Vulnerability Checker (3.6 kb)

42 posted on 01/02/2006 11:25:07 AM PST by holymoly ("A lot" is TWO words.)
[ Post Reply | Private Reply | To 32 | View Replies]

To: Prov3456

ping to self


43 posted on 01/02/2006 11:40:52 AM PST by Prov3456
[ Post Reply | Private Reply | To 2 | View Replies]

To: holymoly

Thank you. The GRC site says that Windows 98 is affected. The test says it is not.


44 posted on 01/02/2006 11:54:54 AM PST by Revel
[ Post Reply | Private Reply | To 42 | View Replies]

To: Revel
Sadly the patch does not cover win98.

Try here. But be aware that this is not the same as Ilfak's patch. I have not tried it nor read any comments from anyone who has.
45 posted on 01/02/2006 12:05:02 PM PST by derllak
[ Post Reply | Private Reply | To 32 | View Replies]

To: emiller
I've seen a bit of posting about this particular Windows defect, but one thing I've not really seen pointed out is that sites like FreeRepublic could easily be a vector for this attack. All someone has to do is post a link to an infected image, and *poof* everyone who loads that page gets toasted. If you're running Windows, you should be very wary of any site you go to until you are fully patched to guard against this.
46 posted on 01/02/2006 12:09:23 PM PST by zeugma (Warning: Self-referential object does not reference itself.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

Whatever program views wmf files in win98 may still be vulnerable. It may be that these security companies are just ignoring telling us the details for Windows 98. Windows 98 is mentioned as being vulnerable in several places. I just can't find any details about it. Here is one link which lists all of the vulnerable operating systems.

http://www.securityfocus.com/bid/16074/info


47 posted on 01/02/2006 12:10:28 PM PST by Revel
[ Post Reply | Private Reply | To 42 | View Replies]

To: emiller

No patch for Windows 98, 98 SE or ME.


48 posted on 01/02/2006 12:15:38 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: bnelson44

grc.com is a highly recommended site.


49 posted on 01/02/2006 12:28:44 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Abcdefg

"Gibson Research is more trustworthy than Microsoft on security issues."

LOL! I must agree.


50 posted on 01/02/2006 12:30:16 PM PST by Baraonda (Demographic is destiny. Don't hire 3rd world illegal aliens nor support businesses that hire them.)
[ Post Reply | Private Reply | To 6 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson