Microsoft Windows’ Zero-Day WMF flaw threats widespread; Macintosh unaffected

“As bleaker details emerged Thursday about the threat posed by a zero-day vulnerability in Windows, Microsoft said it would produce a patch for the flaw but declined to put the fix on a timetable,” Gregg Keizer reports for TechWeb News. “In a security advisory posted on its Web site, Microsoft confirmed the vulnerability and the associated release of exploit code that could compromise PCs, and listed the operating systems at risk. Windows 2000 SP4, Windows XP [Service Pack 1 and Service Pack 2 as well as Windows Server 2003 with Service Pack 0 and Service Pack 1 – source: Secunia, see below], Windows Server 2000, Windows 98, and Windows Millennium can be attacked using the newly-discovered vulnerability in WMF (Windows Metafile) image file parsing, said Microsoft.” It can be exploited when an Internet Explorer user, or Firefox user visits a Web site that has malicious code on it or when a user previews .wmf format files with Windows Explorer.

“And other details began emerging Thursday that indicated the threat may be worse than originally believed,” Keizer reports. “‘It’s really easy to get this thing,’ said Shane Coursen, a senior technical analyst with Moscow-based Kaspersky Labs. ‘The exploit will even work through a DOS box.’ … At the moment, say the experts, exploits are “only” installing spyware and/or fake anti-spyware software. That’s bad enough, said two security firms, including one that specializes in combating spyware. ‘Now we’re seeing many more using this to install bad stuff,’ said Alex Eckelberry, president of anti-spyware developer Sunbelt Software. ‘This is a really bad exploit. Be careful out there.'”

Full article here.

Secunia Advisory: Microsoft Windows WMF “SETABORTPROC” Arbitrary Code Execution
• Extremely critical
• Description: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of Windows Metafile files (“.wmf”) containing specially crafted SETABORTPROC “Escape” records. Such records allow arbitrary user-defined function to be executed when the rendering of a WMF file fails. This can be exploited to execute arbitrary code by tricking a user into opening a malicious “.wmf” file in “Windows Picture and Fax Viewer” or previewing a malicious “.wmf” file in explorer (i.e. opening a folder containing a malicious image file).

The vulnerability can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

NOTE: Exploit code is publicly available. This is being exploited in the wild. The vulnerability can also be triggered from explorer if the malicious file has been saved to a folder and renamed to other image file extensions like “.jpg”, “.gif, “.tif”, and “.png” etc.

The vulnerability has been confirmed on a fully patched system running Microsoft Windows XP SP2. Microsoft Windows XP SP1 and Microsoft Windows Server 2003 SP0 / SP1 are reportedly also affected. Other platforms may also be affected.

Secunia Advisory here.

“Microsoft really has improved the security of its code over the last few years. The fact that every now and then a bug like the new WMF bug still comes along just goes to show how careless the old code is,” Larry Seltzer reports for eWeek. “The problem with the WMF (Windows Metafile) file format turns out to be one of those careless things Microsoft did years ago with little or no consideration for the security consequences. Almost all exploits you read about are buffer overflows of some kind, but not this one. WMF files are allowed to register a callback function, meaning that they are allowed to execute code, and this is what is being exploited in the WMF bug… I’m hesitant at this point to go into details until there is a patch, but my own research confirms that the potential for spreading this attack far and wide is immense and that easier vectors than Web pages exist.”

“Adware sites appear to be going hog-wild with this attack. According to Sunbelt Software, over a thousand sites are spreading more than 50 variants of it, thanks to an underground adware infection network that acts something like the DoubleClick of adware,” Seltzer reports. “Rather than try to keep the format useful for its customers, Microsoft ought to think of saving the rest of the world; WMF has become poisoned and it’s time for customers to move on.”

Full article here.
Windows-only users, are you enjoying your experience, yet? Have you finally had enough? There is a better way. A far, far, far better way: Macintosh. Because life’s too short.

Advertisements:
The New iPod with Video. The ultimate music & video experience on the go. From $299. Free shipping.
Connect iPod to your television set with the iPod AV Cable. Just $19.00.
The New iMac G5. Built-in camera and remote control. From $1299. Free shipping.
Apple USB Modem. Easily connect to the Internet using your dial-up service. $49.00.

Related MacDailyNews articles:
Mac tips for former Windows users – December 28, 2005
Switching from Microsoft Windows to Apple Macintosh – December 04, 2005
Apple’s Mac OS X, Safari web browser show market share gains – December 03, 2005
Want to switch to Mac? Mossberg answers common questions – November 10, 2005
Why people are switching from Microsoft’s Windows to Apple’s Mac OS X – November 09, 2005
Windows PC retailers face tough holiday season, meanwhile Apple stores are packed as Mac sales surge – November 09, 2005
Analyst estimates over a million Windows to Mac switchers during 2005’s first three quarters – November 07, 2005
Windows sufferers: It’s not your fault, but it is your problem – switch to Mac – November 07, 2005
Tech writer: Windows PCs highly vulnerable to zombie hijacking; get an Apple Mac instead – November 06, 2005
Windows switchers, now’s your chance: Apple Mac mini with Mac OS X Tiger for $379 – November 03, 2005
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
Microsoft apologists and why Apple’s Mac OS X has zero viruses – October 24, 2005
Mossberg: Switching from Windows to Mac – software not an expensive proposition – September 30, 2005
Windows to Mac switchers: recommendations and Total Cost of Ownership analysis – September 29, 2005
Switching from Windows to Mac is easy and liberating – September 14, 2005
Mossberg offers resources for Windows users interested in switching to Apple Mac – August 18, 2005
Windows users’ questions and concerns answered about Windows to Mac switch – July 27, 2005
Get your Outlook info off your PC and onto your Mac – March 05, 2003
The best way to transfer Windows Outlook folders to Mac OS X – January 22, 2003

Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Microsoft Windows virus spreads rapidly; Apple Macintosh unaffected – November 28, 2005
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
Microsoft apologists and why Apple’s Mac OS X has zero viruses – October 24, 2005
NY Times’ Pogue: Apple’s iMac G5 with sleek, virus-free, spyware-free OS earns place in living room – October 19, 2005
$500 bounty offered for proof of first Apple Mac OS X virus – September 27, 2005
Symantec: 10,866 new Microsoft Windows virus and worm variants in first half 2005 – September 19, 2005
How to avoid viruses and malware? Dump your Windows PC and get an Apple Macintosh – August 22, 2005
Do Apple Mac OS X users need antivirus software? – August 22, 2005
ZDNet: How many Mac OS X users affected by the last 100 viruses? None, zero, not one, not ever – August 18, 2005
Hackers already targeting viruses for Microsoft’s Windows Vista – August 04, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
Intel CEO Otellini: If you want security now, buy a Macintosh instead of a Wintel PC – May 25, 2005
There are no viruses for Apple’s Mac OS X – May 13, 2005
Apple touts Mac OS X security advantages over Windows – April 13, 2005
97,467 Microsoft Windows viruses vs. zero for Apple Mac’s OS X – April 05, 2005
Apple’s Mac OS X is virus-free – March 18, 2005
Cybersecurity advisor Clarke questions why anybody would buy from Microsoft – February 18, 2005
Security test: Windows XP system easily compromised while Apple’s Mac OS X stands safe and secure – November 30, 2004
Microsoft: The safest way to run Windows is on your Mac – October 08, 2004
Information Security Investigator says switch from Windows to Mac OS X for security – September 24, 2004
New York Times: Mac OS X ‘much more secure than Windows XP’ – September 18, 2003
Defending Windows over Mac a sign of mental illness – December 20, 2003

41 Comments

  1. “as well as Windows Server 2003 with Service Pack 0 and Service Pack 1”
    i don’t see that in the article? not that i mind ” width=”19″ height=”19″ alt=”raspberry” style=”border:0;” />

  2. “I hope Windows users forget all this when Mac OS X gains share and we start seeing viruses show up for it.”

    Don’t hold your breath waiting for it to happen pal. It’s already been over 5 years and yet there are still ZERO viruses for Mac OS X out there. Market share has nothing to do with it.

  3. Sorry guys,

    While in my Windows-induced stupo..I mean… trance, I somehow forgot, that Unix-based systems akin to Mac OS X abound in mission-critical systems the world over and is too permissions-bound for .exe automatic executables to ever get anywhere.

    Thus, ignore what I just said in my previous post.

    Create as many Unix viruses as you want, but they will just sit on your computer forever– ad infinitum, ad nauseum.

    Mac OS X virus = All dressed up, with nowhere to go.

    MDN MW = aid
    as in
    OS X does not aid virus self-replication the way Windows does.
    ” width=”19″ height=”19″ alt=”tongue wink” style=”border:0;” />

  4. I just fookin’ love this, I’m gonna curl up and lick myself to sleep. Twenty years of loathing msdos and this little machead is getting a little payback. Come on 2006, I have a warm feeling.

  5. Fellow Mac users. Do you ever feel that Winduz users are like horses with their barn on fire?
    We Mac people keep trying to lead them out to safety, towards a nice new barn that is NOT on fire (and likely fire PROOF) but they keep turning around and blindly running back into the flaming barn because it’s been the only “home” they know.

  6. <“Whats that? Another piece of duct tape fell off the Wall of Windows?!?! Quick put another piece there b4 it falls apart!” Yells the MS drill sergeant.
    “YES SIR!” screams the lacky.
    SQUASH goes the lacky when it falls on him.>

    Anything else need to be said? Oh ya.

    Macintosh, because life is to short.

    MDN I cracked up when I read that at the end of the article, lets make it a reality yet!

  7. My computer at work has been attacked twice today! I had to restore it once and was able to fend off the other attack! I even had McAfee virus crap loaded on there.

    Windoze sucks now more that ever.

    And then I come home to my Mac…… Ahhhhhhh!

  8. February 2006 will be four years since we purchased our first Mac OSx machine.

    That is four years with no viruses, no data loss, no downtime, no blue-screen-of death and not even a single hang or reboot.

    I haven’t been so happy computing since I bought my first KayPro IV (cp/m based) in 1983.

    The Mac just works. Stable, secure.

    Thank you Apple & Steve Jobs.

    Lost Budgie Blog

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.