WMF Exploit
Re: WMF Exploit
Posted by Forceflow on Wed Jan 4th at 6:56pm 2006


A flaw has been discovered in the WMF (Windows Meta File) component of Microsoft's popular OS. Just browsing to a dodgy website or following links on msn or in e-mails can lead to trojan/worm infection. Exploit code is out in the wild, that's the problem.

MS will be releasing a patch on the 10th of January, claiming that the patch (which is finished, as we speak) should undergo major testing before it's released. A lot of people (including me) claim that it is absolutely necessary to release it now anyway. Compatibility problems are a lesser category compared to the consequences of trojans. You can download Ilfak Guilvanov's hotfix (an unofficial one, but it's perfectly safe, read all about it here), which should resolve the problem until the official patch arrives.

Again, I strongly recommend installing this temporary fix.

People using Win95, 98 or ME are screwed, by the way. No patch will be released by Microsoft, which is in fact a shallow way of forcing people to buy yet another +100$ version of their product.




:: Forceflow.be :: Nuclear Dawn developer



Re: WMF Exploit
Posted by Gwil on Wed Jan 4th at 7:02pm 2006


Ooh a fix :) I posted about this ( http://www.snarkpit.net/forums.php?forum=1&topic=6309&8 ) already. There's another workaround too... *digs up*

quote:
just been taking a look at this and just in case anyone didn't realise (I didn't) the exploit doesn't work if you're running DEP... you can check that DEP is switched on by going to control panel > system > advanced > performance > settings > Data Execution Prevention

DEP requires Windows XP with Service Pack 2 and either an Athlon64, Sempron with nxBit, and any Pentium with EM64T or Celeron with nxBit. Anything purchased within the last 18-12 months should have this, but socket A Semprons and some Intel stuff are still at risk.
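
Added example, not part of the thread: the same DEP check done from a script instead of the control panel, reading the `DataExecutionPrevention_*` properties of the WMI class `Win32_OperatingSystem`. The function names are made up for this example, and it assumes PowerShell 3.0 or later for `Get-CimInstance`, which is newer than the XP SP2 systems discussed here.

```powershell
# Added example: report hardware DEP support and the system-wide DEP policy.

function Get-DepPolicyName {
    # Map the numeric DataExecutionPrevention_SupportPolicy value to its name.
    param([int]$SupportPolicy)
    switch ($SupportPolicy) {
        0 { 'AlwaysOff' }   # DEP disabled for every process
        1 { 'AlwaysOn' }    # DEP enabled for every process, no exemptions
        2 { 'OptIn' }       # only Windows system components and opted-in programs
        3 { 'OptOut' }      # every process except those explicitly exempted
        default { "Unknown ($SupportPolicy)" }
    }
}

function Get-DepStatus {
    $os     = Get-CimInstance -ClassName Win32_OperatingSystem
    $policy = Get-DepPolicyName -SupportPolicy $os.DataExecutionPrevention_SupportPolicy
    $hw     = [bool]$os.DataExecutionPrevention_Available

    [pscustomobject]@{
        Computer        = $os.CSName
        HardwareDep     = $hw            # CPU and OS support hardware-enforced DEP
        Policy          = $policy
        Covers32BitApps = [bool]$os.DataExecutionPrevention_32BitApplications
        CoversDrivers   = [bool]$os.DataExecutionPrevention_Drivers
        # True only when ordinary applications are covered by default.
        AppsCoveredByDefault = $hw -and ($policy -in 'AlwaysOn', 'OptOut')
    }
}

$status = Get-DepStatus
$status | Format-List

if (-not $status.HardwareDep) {
    Write-Warning 'No hardware DEP support reported on this machine.'
}
elseif (-not $status.AppsCoveredByDefault) {
    Write-Warning "DEP policy is $($status.Policy): ordinary applications are not covered by default."
}
```

Under the `OptIn` policy DEP applies only to Windows system components and programs that opt in, so the policy value matters as much as whether the CPU has the NX bit.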





Re: WMF Exploit
Posted by fishy on Wed Jan 4th at 7:51pm 2006


cheers forceflow. better to be safe than sorry.




i eat paint



Re: WMF Exploit
Posted by Forceflow on Wed Jan 4th at 8:03pm 2006


It is said that after MS releases the patch, you can uninstall this thing (in the config screen, software part) before or after you do the Windows Update, but I'd suggest uninstalling it before that.

To quote the creator of this fix:

quote:
You may uninstall the fix before or after this fix from Microsoft. The fix is written in a way that if it sees that the system has changed and became incompatible, it will not interfere with the normal workflow.



:: Forceflow.be :: Nuclear Dawn developer



Re: WMF Exploit
Posted by Loco on Thu Jan 5th at 12:04am 2006


According to the BBC we may have to wait another week for an official fix:
http://news.bbc.co.uk/1/hi/technology/4580852.stm






Re: WMF Exploit
Posted by OtZman on Thu Jan 5th at 12:26am 2006


Thanks for posting Forceflow. If this fix is just as good as the one MS will release I could just as well keep this one.






Re: WMF Exploit
Posted by DrGlass on Thu Jan 5th at 1:37am 2006


Just another reason never to click any links or go to any website other than snarkpit and wikipedia...



Re: WMF Exploit
Posted by rs6 on Thu Jan 5th at 1:47am 2006


<3 my Amd64 with DEP.



Re: WMF Exploit
Posted by Forceflow on Thu Jan 5th at 8:35am 2006


I also have an AMD64, but I installed the patch anyway. Yet again, better safe than sorry.



:: Forceflow.be :: Nuclear Dawn developer



