Microsoft Windows’ Zero-Day WMF flaw threats widespread; Macintosh unaffected

“As bleaker details emerged Thursday about the threat posed by a zero-day vulnerability in Windows, Microsoft said it would produce a patch for the flaw but declined to put the fix on a timetable,” Gregg Keizer reports for TechWeb News. “In a security advisory posted on its Web site, Microsoft confirmed the vulnerability and the associated release of exploit code that could compromise PCs, and listed the operating systems at risk. Windows 2000 SP4, Windows XP [Service Pack 1 and Service Pack 2 as well as Windows Server 2003 with Service Pack 0 and Service Pack 1 – source: Secunia, see below], Windows Server 2000, Windows 98, and Windows Millennium can be attacked using the newly-discovered vulnerability in WMF (Windows Metafile) image file parsing, said Microsoft.” It can be exploited when an Internet Explorer or Firefox user visits a Web site that hosts malicious code, or when a user previews .wmf files in Windows Explorer.

“And other details began emerging Thursday that indicated the threat may be worse than originally believed,” Keizer reports. “‘It’s really easy to get this thing,’ said Shane Coursen, a senior technical analyst with Moscow-based Kaspersky Labs. ‘The exploit will even work through a DOS box.’ … At the moment, say the experts, exploits are “only” installing spyware and/or fake anti-spyware software. That’s bad enough, said two security firms, including one that specializes in combating spyware. ‘Now we’re seeing many more using this to install bad stuff,’ said Alex Eckelberry, president of anti-spyware developer Sunbelt Software. ‘This is a really bad exploit. Be careful out there.'”

Full article here.

Secunia Advisory: Microsoft Windows WMF “SETABORTPROC” Arbitrary Code Execution
• Extremely critical
• Description: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of Windows Metafile files (“.wmf”) containing specially crafted SETABORTPROC “Escape” records. Such records allow an arbitrary user-defined function to be executed when the rendering of a WMF file fails. This can be exploited to execute arbitrary code by tricking a user into opening a malicious “.wmf” file in “Windows Picture and Fax Viewer” or previewing a malicious “.wmf” file in explorer (i.e. opening a folder containing a malicious image file).

The vulnerability can also be exploited automatically when a user visits a malicious web site using Microsoft Internet Explorer.

NOTE: Exploit code is publicly available. This is being exploited in the wild. The vulnerability can also be triggered from explorer if the malicious file has been saved to a folder and renamed to other image file extensions like “.jpg”, “.gif”, “.tif”, and “.png” etc.

The vulnerability has been confirmed on a fully patched system running Microsoft Windows XP SP2. Microsoft Windows XP SP1 and Microsoft Windows Server 2003 SP0 / SP1 are reportedly also affected. Other platforms may also be affected.

Secunia Advisory here.
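A file-level check for the record pattern the advisory describes, as an added example (not code from Secunia, Microsoft or this article): it walks the WMF record list and flags Escape records whose escape number is SETABORTPROC (9), deciding by header and record structure rather than file extension, since the advisory notes the file may be renamed to “.jpg”, “.gif” and so on. Record layout and constants come from the WMF format (wingdi.h / MS-WMF); the two sample files are constructed here and carry no payload.

```python
import struct

# WMF record constants (wingdi.h / MS-WMF), not taken from the article.
META_EOF = 0x0000
META_ESCAPE = 0x0626          # function code of a GDI Escape record
META_SETMAPMODE = 0x0103
SETABORTPROC = 9              # escape number that registers an abort callback
PLACEABLE_MAGIC = 0x9AC6CDD7  # 22-byte Aldus placeable header prefix

def wmf_records(data):
    """Yield (offset, function, params) for each record; raise on malformed input."""
    if len(data) < 4:
        raise ValueError("too short to be a WMF file")
    off = 22 if struct.unpack_from("<I", data, 0)[0] == PLACEABLE_MAGIC else 0
    if len(data) < off + 18:
        raise ValueError("truncated WMF header")
    mt_type, hdr_words, _version = struct.unpack_from("<HHH", data, off)
    if mt_type not in (1, 2) or hdr_words != 9:
        raise ValueError("not a WMF header")      # the extension plays no part
    off += 18
    while off + 6 <= len(data):
        size_words, func = struct.unpack_from("<IH", data, off)
        rec_len = size_words * 2                  # rdSize is counted in 16-bit words
        if size_words < 3 or off + rec_len > len(data):
            raise ValueError("malformed record at offset %d" % off)
        yield off, func, data[off + 6:off + rec_len]
        if func == META_EOF:
            return
        off += rec_len
    raise ValueError("no META_EOF record")

def find_setabortproc(data):
    """Return offsets of Escape records carrying the SETABORTPROC escape number."""
    hits = []
    for off, func, params in wmf_records(data):
        if func == META_ESCAPE and len(params) >= 2:
            if struct.unpack_from("<H", params, 0)[0] == SETABORTPROC:
                hits.append(off)
    return hits

def _header():
    # mtType=1 (memory metafile), mtHeaderSize=9 words, mtVersion=0x0300;
    # mtSize, mtNoObjects, mtMaxRecord, mtNoParameters left at 0 (unused here)
    return struct.pack("<HHHIHIH", 1, 9, 0x0300, 0, 0, 0, 0)

# Constructed samples: a control with a different escape number (15), and one
# carrying escape number 9 with an empty payload so the scanner has a hit.
BENIGN_SAMPLE = (_header()
                 + struct.pack("<IHH", 4, META_SETMAPMODE, 8)
                 + struct.pack("<IHHH", 5, META_ESCAPE, 15, 0)
                 + struct.pack("<IH", 3, META_EOF))
SUSPECT_SAMPLE = (_header()
                  + struct.pack("<IHH", 4, META_SETMAPMODE, 8)
                  + struct.pack("<IHHH", 5, META_ESCAPE, SETABORTPROC, 0)
                  + struct.pack("<IH", 3, META_EOF))

if __name__ == "__main__":
    print("benign :", find_setabortproc(BENIGN_SAMPLE))    # []
    print("suspect:", find_setabortproc(SUSPECT_SAMPLE))   # [26]
```

A mail gateway or on-access scanner would run the same check over any attachment whose bytes parse as a metafile, whatever its name, and quarantine files with a non-empty result.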

“Microsoft really has improved the security of its code over the last few years. The fact that every now and then a bug like the new WMF bug still comes along just goes to show how careless the old code is,” Larry Seltzer reports for eWeek. “The problem with the WMF (Windows Metafile) file format turns out to be one of those careless things Microsoft did years ago with little or no consideration for the security consequences. Almost all exploits you read about are buffer overflows of some kind, but not this one. WMF files are allowed to register a callback function, meaning that they are allowed to execute code, and this is what is being exploited in the WMF bug… I’m hesitant at this point to go into details until there is a patch, but my own research confirms that the potential for spreading this attack far and wide is immense and that easier vectors than Web pages exist.”

“Adware sites appear to be going hog-wild with this attack. According to Sunbelt Software, over a thousand sites are spreading more than 50 variants of it, thanks to an underground adware infection network that acts something like the DoubleClick of adware,” Seltzer reports. “Rather than try to keep the format useful for its customers, Microsoft ought to think of saving the rest of the world; WMF has become poisoned and it’s time for customers to move on.”

Full article here.
Windows-only users, are you enjoying your experience, yet? Have you finally had enough? There is a better way. A far, far, far better way: Macintosh. Because life’s too short.



41 Comments

  1. Joe:

    I personally think there are some out there trying very hard to create a virus for the Mac. Remember, to be malicious, it must replicate itself and move from one Mac to another.

    Of course Apples can be hacked (if it’s standing still). Fairplay and OSx86 were more along the lines of reverse engineering. Also, they weren’t intended to take over and exploit every Mac they came across on the internet. Just going to a website did not install OSx86 on a Mac and make it execute the code.

    We keep reading about FUD from some of these security firms and they swear they have found a vulnerability (as long as you invite them over, give them access to your Mac, and give them your admin password so they can prove to you it exists). Nothing in the wild as of yet.

    Nothing!

    I am not saying the Mac is invulnerable (I try to stay away from absolutes when it comes to security), but I believe it is very, very secure.

    The first person to create a real virus for OS X will be famous the world over and will be a hero to Windows apologists everywhere. I don’t believe for a moment that some very talented people aren’t working on trying to achieve just one real security exploit for Mac.

    That alone would make their whole career. To be the guy who cracked the Mac and made all the Mac-heads cry. There is a lot riding on this and you can bet there are people out there trying their hardest.

    Will we have to eat crow? I’m not eating until someone proves to me Macs are as insecure as Windows PCs.

    Don’t bother me if the first flaw shows up, call me when we reach 100,000.

    ~M

  2. qka

    Excellent explanation of cookies. It should be pointed out that they can only be retrieved by the domain that sets them; NSA can’t fetch your Amazon cookies to see if you expressed an interest in “Partying with Osama”.

    NSA (and other gov’t agencies) are allowed to use session cookies, that go away when you quit your browser – the issue here is persistent cookies – which can be used, but such use needs to be justified and explicitly explained in the site privacy policy page.

    Supposedly, the NSA cookie thing is an error resulting from a software upgrade in which the new software by default used persistent cookies. This is somewhat plausible, but the CIA a couple of years ago had the exact same “problem” and got caught; one would think that the NSA would have learned from the error of their sister agency.

    More to the point, this “error” comes on the heels of the far more serious NSA warrantless wiretap issue. I suspect that the cookie “problem” exists solely to divert some attention from that and to conflate the two issues, to ultimately minimize the seriousness of the apparently criminal wiretapping.

    MW: “police” – I’m not kidding. How appropriate.

  3. All the patches that M$ produces must take a lot of resources and cost them a lot of money. I wonder just how large a line item it is for them? At some point, it’s gonna reach a critical mass for them.

    Joe – get back on the turnip truck. Sorry, I couldn’t resist. But really, you make a valid point, that no OS is perfect. What you fail to realize, though, because you aren’t a software engineer, is that MacOS X is engineered, whereas Windoze is not, and therein lies the difference. MacOS X will never be the mess that Windoze is (unless Apple fires all its software engineers and hires all of M$’s programmer monkeys).

    Like Mozfan seyz, the fact there isn’t a MacOS X virus to date has nothing to do with marketshare nor lack of effort by hackers et al. You can bet that Symantec is hard at work trying to produce the first one, so they have something to point to when trying to sucker Mac users into buying their Mac Trojan (Symantec Virus Software, er, Anti-Virus).

    I suspect the only anti-virus software a Mac user will ever need is Apple’s free Software Update. Crow will not be on the menu in the realm of Macintosh.

  4. On the subject of Cookies, does anyone else want what I want, i.e. to delete at the end of every session cookies from ALL sites other than those I select to keep? That way I only keep the cookies that enable me to ‘stay logged in’ to sites and not keep re-inputting passwords. Thus my friendly MDN ‘do no harm site’ cookies stay, while external advertising, unknowns and others get whisked off into the ether.

    Wouldn’t that be the best?

  5. Microsoft employees at it again in 2005 I see from the Darwin awards:

    (31 May 2005, Seattle, Washington) Strength and endurance are two of the most important characteristics that can be passed on to improve the species, so physical challenges between males are frequent. In this case, two drinking buddies found themselves on an overpass 40 feet above a busy freeway in downtown Seattle at 2:45 a.m. It turned out to be the perfect place to determine who had more strength and endurance. Whoever could dangle from the overpass the longest would win!

    Unfortunately, the winner was too tired from his victory to climb back up, despite help from his 31-year-old friend. The unidentified champion fell smack into the front of a semi-truck barreling down the highway at 60 mph and bounced onto the pavement, where he was hit by a car. The car did not stop. Authorities did not identify the winner of the competition.

  6. “Macintosh. Because life’s too short.”

    Nice to see MDN running with this slogan. I believe it first appeared in their “Home for the Holidays” article on Dec. 27.

  7. Random Coolzip …

    Thanks for additional info. I had seen most of it, especially as related to the wiretap brouhaha. It’s just my post was already getting long, and I was trying to focus on technical rather than political issues.

    Macaday…

    Have you looked at Opera browser? Of all the browsers I have used, it had the most options for handling cookies. I haven’t looked too much at the current version 8.5 – now free – no longer ad supported!

    There are various third party cookie managers available. For some examples see:
    http://macupdate.com/search.php?keywords=cookies&os=macosx&button.x=0&button.y=0

    WARNING: I have NO experience with any of these programs. I am merely mentioning their existence as a public service. Use them at your own risk, et cetera, et cetera, et cetera. I am not advocating MacUpdate over VersionTracker over ???. It’s just what I happened to use. Feel free to search for such software in any manner you like.

    Of course you could develop your own solution, and get rich & famous from distributing it. (OK, so you won’t get rich. And probably not any more famous than you are already here at MDN. But give it a good try.)

    MW = farm, as in “Joe, I bought your farm. You’ll have to move on.” Really.

  8. HAHAHAHAHA WINDOWS USERS S*CK

    I’ve got my turtleneck sweater, blue jeans and baseball bat ready to kick some sorry PC assets.

    Yes I’m part of Apple’s jack booted PC thumping thugs brigade.

    Lets kick some butt!!!

    Are you sure you wish to modify the Windows Zero-Day exploit to zero all data on any PC drive it infects?

    YES

  9. Mozfan & Rainyday:

    You make some valid points, and as I said, I do realize that Mac OS X is inherently more secure than Windows. I don’t think that OS X would be the mess that Windows is no matter the marketshare.

    I do think that there will eventually be a few viruses, though, and it worries me that some people are so overconfident as to have no defenses in place.

  10. Joe, Joe, Joe,

    Yes, someone will find an exploitable hole before Apple patches it. It happens every now and then.

    But tell us, Joe the Farmer, how will they make a self replicating virus to exploit that hole? That’s the problem in a nutshell.

    Very few holes exist on Mac OS X but there are some that could be exploited. The trouble is that no one knows how to make a self replicating virus to exploit them.

    Unlike Windows, hardly anyone who uses a Mac runs as root user. We are virtually immune to root kits.

    Every piece of software, evil or good or Microsoft has to be approved by administrator password before it installs. At best it could only infect 1 or 2 stupid users and never gain any traction.

    A massive infection of even 5% to 10% of all Mac OS X users will NEVER happen. How do you spread it?

  11. or previewing a malicious “.wmf” file in explorer (i.e. opening a folder containing a malicious image file).

    Jeez, I think they need a new category for this one; Extremely Critical seems a little lacking. How about “OMFG, switch already moron!”

  12. I am glad to see my message is finally catching up in here after a couple of years:

    If it doesn’t spread it is not a virus, it is a joke!

    OS X, as Unix, as ANY OS can be hacked, of course. There are security flaws here and there and serious companies are proactively addressing those issues. That is, they are not waiting for a virus to show up and THEN release a patch, like our friends do up there in Redmond.

    Unix-like OSes (hence, Linux included) have a serious obstacle to massive virus attacks that Windows gladly solves for the crackers: spreading.

    On Windows it is a breeze: no problem there.

    On Unices it is a massive headache. At most they release root exploits so to recreate a bit (a bit!) what happens on Windows and they succeed getting some 5% infection rate. Wow, how big! [grin]

    On OS X even that is not an option (root is disabled by default). So what gives? Easy: 5 years without virus.

    Happy New Year all

  13. …massive headache. … some 5% infection rate. Wow, how big! – Seahawk

    Exactly, not worth the effort even if it was a market of 100 million machines. What to get? 5 million infected computers?

    With Windows at a 60% rate of infection one gets 5 million infections just hitting less than 9 million machines. Even if OS X had 100 million machines on the net and Windows only 9 million PCs present one would get better results (i.e. absolute infections) by writing a virus for Windows.

    Windows, the best antivirus EVER for all the other OSes.
