Wirehead Studios

General Discussion => Controversy Corner => Topic started by: Phoenix on 2006-01-03, 03:35



Title: Watch Where You Surf... (This one is serious)
Post by: Phoenix on 2006-01-03, 03:35
Quote
Unlike most attacks, which require victims to download or execute a suspect file, the new vulnerability makes it possible for users to infect their computers with spyware or a virus simply by viewing a web page, e-mail or instant message that contains a contaminated image.
http://news.ft.com/cms/s/0d644d5e-7bb3-11d...00779e2340.html (http://news.ft.com/cms/s/0d644d5e-7bb3-11da-ab8e-0000779e2340.html)

This one affects ALL versions of Windows.  There is no patch for it yet either, so be damned careful.


Title: Re: Watch Where You Surf...
Post by: Makou on 2006-01-06, 08:08
Microsoft has apparently released the official patch for this exploit. Whether it truly fixes the problem is something I don't know, and if you're still running a version that they no longer officially support, you're probably screwed. Still, I figure it's worth mentioning.


Title: Re: Watch Where You Surf...
Post by: Lopson on 2006-01-06, 09:12
So the update was for this exploit. At least they reacted.


Title: Re: Watch Where You Surf...
Post by: Phoenix on 2006-01-06, 10:42
Yes, the patch is out to fix this.  Here (http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx) is the security bulletin.


Title: Re: Watch Where You Surf...
Post by: shambler on 2006-01-06, 18:13
Thanks Phoenix. we best lay off the jpegs for awhile.......


Title: Re: Watch Where You Surf...
Post by: t0ts on 2006-01-06, 23:55
Does it affect you if you use another browser?
Can an antivirus like Symantec Client Security keep you safe from it?


Title: Re: Watch Where You Surf...
Post by: Tabun on 2006-01-07, 00:56
I think I'm going to surf dangerously, just for kicks. Let's see how bad this baby really is!

/me chuckles like a nutter then scurries off..


Title: Re: Watch Where You Surf...
Post by: Phoenix on 2006-01-07, 04:04
Tab:  Bad boy!  Bad!  No cookie for you! ^_^

Tots:  It's a flaw in the graphics rendering engine portion of Windows, specifically GDI32.dll.  It's a problem with the way it handles WMF metafile images, regardless of what the files are named.  Windows has this habit of just passing things off to the default handler instead of checking to see "oh wait, you're different from what you're supposed to be so I should alert the user".  It's the difference between pass by default and fail by default when an anomalous condition arises.  Fail by default is safe, but user-intensive.  Pass by default is dangerous, but requires no user intervention.  Guess which route Microsoft usually takes?  Guess why their OS gets hacked every other week?

It's true that Mozilla and Opera usually prompt you as to "what to do with a file" instead of just opening it, but that depends on your settings.  Also, if you do accidentally open the file, you're screwed since (guess what) it's getting passed off to Windows.  Then there's third-party utility programs like Google Desktop to worry about, browser toolbars, etc....  Let's not even bring up spyware infections that circumvent everything.  That's the problem with OS-level vulnerabilities.  Sure, the frontend browser itself might be safe, but something else might act stupid and dump it back to the OS.

The only safe thing to do is patch Windows.  Go run Windows Update if you haven't already. ;)