PDA

View Full Version : WMF virus vulnerability



rshackleford
01-05-2006, 10:20 AM
Does any one know about the WMF security fault in windows? I am told that you can get a virus just by surfing the net.

PEW
01-05-2006, 10:59 AM
True if you get in the wrong web site.

Keep your anti-virus and anti-spyware up to date.

If you use Outlook, change your settings to only download your email headers. This gives a way to blow away unwanted, or questionable email before it is downloaded where the previewer can view it, which could be too late.

Paul

rshackleford
01-05-2006, 03:27 PM
no, this is new!!!

you don't have to download anything. all you ahve to do is go to the wrong web site. once the picture loads on the web site you are infected. this is a totally different kind of virus then ever before!!

the anti virus progarms can't do anyting about this one!

GOOD NEWS!!

microsoft has the fix ready to download. i would recommend everyone update windows to protect themselves.

again, this is not your fathers virus.

I think I know what the “mf” in wmf stands for and its not media file!!!

jadnashua
01-05-2006, 03:31 PM
You can go to the Microsoft Windows Update site and read about it. They expect a fix next week, they're testing it now. Basically, they've figured out a way to embed a virus into pictures, etc. that you open on a website or in an e-mail. If you are on a network, it could then allow them to create a user account with all of the same priviledges as you have, then they could do pretty much anything they want. Really nasty. Suggest you only go to sites you know and trust, and don't open anything unless you know the person who sent it, and you trust them.

rshackleford
01-05-2006, 03:32 PM
go to start menu, programs, and windows update.

the update is available now!

PEW
01-06-2006, 06:06 AM
Don't expect the fix to be a complete fix, a risk will continue even after the first fix.

Anti-Virus programs will help, as it can be transmitted via graphic files embedded in or attached to an email. It has always been better, as a first line of defense, to only download email headers so you can blow away questionable items before the detail is downloaded to your computer.

Paul

hj
01-07-2006, 01:29 PM
WMF is a WindowsMetaFile. The update patch is supposed to be released Jan. 10. In the mean time some third party has released its own version of the patch and MS is suing them to block the download.

jadnashua
01-07-2006, 01:35 PM
Apparantly, Microsoft finished their testing and released the patch on Thursday, earlier than previously anticipated.

Terry
01-07-2006, 05:42 PM
Yeah, I downloaded it when I saw it was availible on the posts here,

Thanks!

jimbo
01-07-2006, 06:11 PM
I have auto-update turned on. I have been advised by some real "geeks" that they do not do this, but that the typical joe-consumer like me SHOULD use auto update, because we don't have the time, the talent, or the inclination to pay close (daily) attention to security issues like this.

Anyway, I did a manual update today and it told me that I was already up to date, so I was already protected and didn't even know it!

speedbump
01-10-2006, 07:11 AM
Me too Jimbo.

It's too easy to forget, I would rather trust Bill Gates to get things done than myself.

Anyone want a free newsletter with a great forum on nothing but computers, with some pretty smart (geeky) folks try this one. Worldstart (http://forum.worldstart.com/forumdisplay.php?s=&daysprune=&f=3)

Good idea adding this Forum Terry!

bob...

MuddlingThru
01-30-2006, 10:32 AM
WMF is a WindowsMetaFile. The update patch is supposed to be released Jan. 10. In the mean time some third party has released its own version of the patch and MS is suing them to block the download.


This is amazing to me! Someone finds a MAJOR security flaw that has existed in every Windows version since NT4, creates a patch which is intended to repair the problem until M$ decides to fix it themselves, and then they want to sue him! I understand all about IP and reverse engineering, but it's not like downloading the patch wasn't preceded by a thousand word warning!