HomeBlogsChristoph C. Cemper's blog
Security

WMF Flaw - a new threat in town

<< WMFflaw - Microsoft patch released | MD5 Password cracking web service >>
Tue, 01/03/2006 - 17:54 — Christoph C. Cemper

I was warned by Steve Freedman's newsletter already yesterday about a hardcore security threat in Windows, where a bug in the Windows Meta File allows malicious code to be executed without user action.

So, You don't have to click on a link, open an attachment or take any other action. It affects Internet Explorer, Firefox, Opera and Netscape.

This seems to the the first time expert Steve has seen a vulnerability rated at the "Extremely Critical" level…

Steve even posted a step-by-step instruction on how to protect your PC,

but you need to

  • install a "hack" to disable some picture related functions (you can later deinstall that)
  • install a specific firewall product that seems to be the only one to have a protection against this threat (yes: and even uninstall existing firewalls!)

Read what the Washington Post also wrote in Security Fix – (washingtonpost.com)

Here is an overview of the WMF related articles at the ISC (internet storm center)

The working hotfix can be downloaded from this page

Average rating
 
 
 
 
 
(1 vote)

Comments

Wed, 01/04/2006 - 08:02 — Steve Freedman (not verified)

WMF Flaw - a new threat in town

Sorry about the double post, I hit a glitch, LOL.

I also wanted to tell you that my website logs show that many of your readers actually went to the website and downloaded the patch!

Way to Go!

Let others know where to get protected, and we can shut this malware DOWN!

Steve

Wed, 01/04/2006 - 08:37 — Steve Freedman (not verified)

WMF Flaw - a new threat in town

Microsoft has just posted an advisory (http://www.microsoft.com/technet/security/advisory/912840.mspx) that it will provide FREE help to anyone who thinks they have been attacked by the WMF Flaw.

Here's what Microsoft says:

"Customers who believe they may have been affected by this issue can also contact Product Support Services. You can contact Product Support Services in the United States and Canada at no charge using the PC Safety line (1 866-PCSAFETY). Customers outside of the United States and Canada can locate the number for no-charge virus support by visiting the Microsoft Help and Support Web site (http://support.microsoft.com/security/)."

For a FREE step-by-step guide to installing the unoficial patch, go to www.HelpProtectMyComputer.com/WMFflaw.html

Wed, 01/04/2006 - 10:34 — Steve Freedman (not verified)

WMF Flaw - a new threat in town

Hi, again, all.

The Internet Storm Center has posted a corporate network fix (.msi file).

I have linked to it on http://www.HelpProtectMyComputer.com/WMF.html.

Spread the Word.

(Goodnight, I gotta get some sleep!) LOL

Steve

Thu, 01/05/2006 - 22:38 — Steve Freedman (not verified)

WMF Flaw - a new threat in town

Howdy, all.

Microsoft has announced that it will release its security patch for the WMFflaw at 2 PM Pacific Standard time.

It will be available on the Microsoft Update (www.microsoft.com).

Just a few thoughts...

An early release by Microsoft shows how urgent this issue is. It is also possible that there will be a huge rush to get the patch, so please be patient.

The patch that is on my website, www.HelpProtectMyComputer.com/WMFflaw.html appears to be completely compatible with the MS patch.

You should harden your computer against other attactks by locking your HOSTS file, having a multi-layer defense and using common sense when you read emails, etc.

If your data is important to you, I suggest you purchase my ebook "Help! Something's Got Hold of My Computer and It Won't Let Go!" available at HelpProtectMyComputer.com. (yes, it's a shameless plug, but it's also a highly effective way to protect your computer, plus you get $700 worth of bonuses!)

Have a safe computing year!

Steve

Similar entries