Act: Already Bad WMF Exploit Will Only Get Worse
Monday, 02 January 2006 by Michel Roth
Not such a nice beginning of the new year....

On December 31st, a new and improved version of the WMF exploit was published. The new exploit generates WMF files that are different enough to bypass nearly all anti-virus and IDS signatures. Different methods of distributing the virus, such as e-mails and instant messenger chats, have already been seen in the wild, as more and more worms and trojans utilise the exploit to gain access to computers running the Windows operating system.

Basically you're stuck between a rock and a hard place:
• You cannot wait for the official MS patch
• You cannot block this one at the border
• You cannot leave your systems unprotected

SANS and many other security sites recommend un-registering Shimgvw.dll (Microsoft picture and fax viewer) and using the unofficial patch to protect against the virus until Microsoft can release an official patch. A virus scanner simply isn't enough to protect against some of the more advanced variants of the exploit.

Read (lots) more here.
