Posted on 01/02/2006 9:57:45 AM PST by emiller
Quick Background:
The active exploitation of a very serious vulnerability in all versions of Windows was discovered in late December.
Word of this spread rapidly through the hacker community, many of whom were presumably on Holiday vacation from school, bored, and looking for something to do.
So several days later nearly one hundred different instances of exploitation of this newly discovered vulnerability had been found.
Note that this is not a "new vulnerability"; it (and perhaps other similar bugs) has been lying unknown in Windows since 1991. What's "new" is the discovery of this long-present vulnerability in Windows' metafile processing.
Almost immediately there were reports of an MSN Messenger worm, and now F-Secure is reporting that "Happy New Year" SPAM eMail is carrying the exploit.
Anti-Virus vendors quickly updated and began pushing out their A-V signature files. This has been effective, but a new very flexible exploit generation tool has appeared that's able to create so many different variations of the exploit that A-V signatures are being bypassed.
Microsoft responded with an acknowledgement of the problem and a very weak workaround (the shimgvw.dll unregistration). But this is not
(Excerpt) Read more at grc.com ...
Several major security firms have decompiled, vetted, endorsed and provided links to this "unofficial" patch. It is being offered with full disclosure.
Apple and Macs are great product designs and their OS is good, but what do you do if you use a stock trading program that only works on Windows? I still think Macs are slower than a good PC.
Gibson Research is one of the best
Bump for later digestion.
Isn't that a little like a way to stop from being disappointed when your favorite NFL team loses?
ML/NJ
The solution from GRC is not a patch. It just unregisters (disables) the nonvital program (DLL) that allows the hackers to exploit the Windows flaw.
save for later reading
Sadly the patch does not cover Win98.
I trust Steve Gibson more than I trust Microsoft. I have used his tests, fixes and patches for years.
I think there are two solutions mentioned / linked.
The first is Microsoft's own suggestion - which is to unregister the Dynamic Load Library. The second is actually a program, to install on your machine.
According to Laporte's explanation yesterday - the bug works because the thumbnail display is not a tiny bitmap, it's actually a program, which includes as the "else" if the thumbnail doesn't display properly, the capability to add some code as an error message.
Thing is, the code can be executable. It can be anything.
The installed fix actually removes that "else" logic. At least that's what he was saying.
Interesting note: tried to download the "test" from the security website - firewall blocked it, thinking it was the actual attack.
Details on Steve Gibson:
http://www.grc.com/privacy.htm
I guess that your system could get the bird flu.
"Is it possible to have two OSs loaded concurrently on the same PC? I'd like to be able to hotkey between the two, without a reboot. It's okay if they "suspend" when not in the foreground. Or could Windows be run as a task within Linux?"
Check out Xandros.
http://www.xandros.com/
I run a lot of Windoze programs under it. I have it on my laptop and the dual booting went flawlessly. It took about 12 minutes to install it.
Here is the actual product that I purchased.
http://www.xandros.com/products/home/desktopdlx/dsk_dlx_intro.html
OK, sport, I just downloaded the fix and installed it. But I feel like I just opened the back door on my all-in-one footie-jammies...