New windows vulnerability - you should read this one.

Discussion in 'NZ Computing' started by news.xtra.co.nz, Jan 3, 2006.

  1. http://money.cnn.com/2006/01/03/technology/windows_virusthreat/index.htm?cnn=yes


    NEW YORK (CNNMoney.com) - The new year is off to a rocky start at Microsoft,
    where security experts are scrambling to confront a potentially massive
    virus threat to Windows PCs.
    According to a report Tuesday in the Financial Times, the latest
    vulnerability involves a flaw which allows hackers to infect computers using
    programs inserted into image files. The threat was discovered last week. But
    it mushroomed over the weekend, when a group of hackers published the source
    code they used to exploit the flaw.

    What makes this threat particularly vicious, according to the Times, is that
    unwitting victims can infect their computers simply by viewing a web page,
    e-mail, or instant message that includes a contaminated image. That differs
    from most virus attacks, which require a user to actually download an
    infected file.

    "The potential [security threat] is huge," Mikko Hypponen, chief research
    officer at F-Secure, an antivirus company, told the Times. "It's probably
    bigger than for any other vulnerability we've seen.

    "Any version of Windows is vulnerable right now," said Mr. Hypponen,
    including every Windows system shipped since 1990.

    Microsoft said a security patch would be available for the problem on
    Tuesday, January 10 after it has passed rigorous testing procedures
    news.xtra.co.nz, Jan 3, 2006
    #1
    1. Advertising

  2. news.xtra.co.nz

    anon k Guest

    Isn't it only Windows metafiles that are affected? Hardly anyone seems
    to use those so they should be easy to avoid.

    news.xtra.co.nz wrote:
    > http://money.cnn.com/2006/01/03/technology/windows_virusthreat/index.htm?cnn=yes
    >
    >
    > NEW YORK (CNNMoney.com) - The new year is off to a rocky start at Microsoft,
    > where security experts are scrambling to confront a potentially massive
    > virus threat to Windows PCs.
    > According to a report Tuesday in the Financial Times, the latest
    > vulnerability involves a flaw which allows hackers to infect computers using
    > programs inserted into image files. The threat was discovered last week. But
    > it mushroomed over the weekend, when a group of hackers published the source
    > code they used to exploit the flaw.
    >
    > What makes this threat particularly vicious, according to the Times, is that
    > unwitting victims can infect their computers simply by viewing a web page,
    > e-mail, or instant message that includes a contaminated image. That differs
    > from most virus attacks, which require a user to actually download an
    > infected file.
    >
    > "The potential [security threat] is huge," Mikko Hypponen, chief research
    > officer at F-Secure, an antivirus company, told the Times. "It's probably
    > bigger than for any other vulnerability we've seen.
    >
    > "Any version of Windows is vulnerable right now," said Mr. Hypponen,
    > including every Windows system shipped since 1990.
    >
    > Microsoft said a security patch would be available for the problem on
    > Tuesday, January 10 after it has passed rigorous testing procedures
    >
    >
    anon k, Jan 3, 2006
    #2
    1. Advertising

  3. On Wed, 04 Jan 2006 11:26:12 +1300, news.xtra.co.nz wrote:

    > Microsoft said a security patch would be available for the problem on
    > Tuesday, January 10 after it has passed rigorous testing procedures


    And are those "rigorous testing procedures" the same ones that permitted
    Micro$oft to describe WindozeXP as the "most secure version of Windows
    ever"?

    Don't bother patching Windows. Dump it altogether. Change over to using
    Linux!


    Undeniably Sluttish

    --
    "Simply opening the wrong Web page or receiving an e-mail with an errant
    image file could be enough to cripple your computer, thanks to a newly
    discovered vulnerability in the Microsoft Windows operating systems."
    Mr Undeniably Sluttish, Jan 3, 2006
    #3
  4. news.xtra.co.nz

    -=rjh=- Guest

    anon k wrote:
    > Isn't it only Windows metafiles that are affected? Hardly anyone seems
    > to use those so they should be easy to avoid.


    Yes, but the exploit works on wmf files renamed to jpg and presented on
    websites - even as banners. Not so easy to avoid.
    -=rjh=-, Jan 3, 2006
    #4
  5. news.xtra.co.nz

    bambam Guest

    -=rjh=- <> wrote in news::

    > anon k wrote:
    >> Isn't it only Windows metafiles that are affected? Hardly anyone seems
    >> to use those so they should be easy to avoid.

    >
    > Yes, but the exploit works on wmf files renamed to jpg and presented on
    > websites - even as banners. Not so easy to avoid.


    Temporary fix available here-

    http://www.grc.com/sn/notes-020.htm
    bambam, Jan 3, 2006
    #5
  6. news.xtra.co.nz

    anon k Guest

    -=rjh=- wrote:
    > anon k wrote:
    >
    >> Isn't it only Windows metafiles that are affected? Hardly anyone
    >> seems to use those so they should be easy to avoid.

    >
    >
    > Yes, but the exploit works on wmf files renamed to jpg and presented on
    > websites - even as banners. Not so easy to avoid.


    Ah, I see...
    anon k, Jan 3, 2006
    #6
  7. Mr Undeniably Sluttish wrote:
    > On Wed, 04 Jan 2006 11:26:12 +1300, news.xtra.co.nz wrote:
    >
    >
    >>Microsoft said a security patch would be available for the problem on
    >>Tuesday, January 10 after it has passed rigorous testing procedures

    >
    >
    > And are those "rigorous testing procedures" the same ones that permitted
    > Micro$oft to describe WindozeXP as the "most secure version of Windows
    > ever"?
    >
    > Don't bother patching Windows. Dump it altogether. Change over to using
    > Linux!
    >


    I don't know how people can bear to waste all that time on endlessly
    downloading patches and finding yet another anti-virus program.

    Ubuntu http://www.ubuntulinux.org/ will send free CDs! These comprise
    one disc that you can use to just try out their version of Linux (i.e.
    you can't save what you do, it lasts only as long as you are running
    that disc, but you can see if the Linux programs would suit you) and
    another for installing it on your computer. Anyone who is in doubt
    would probably be wise to try out first. Linux has such a reputation for
    being hard to use and only suitable for geeks, many windows users would
    be nervous of the change-over unless they had had a good look at it first.

    Linux is the ideal operating system for non-geeks. It doesn't mess up,
    and even if you mess up your own stuff you can't accidentally delete one
    of the vital components that make the whole operating system work!

    A L P
    Myftrefs Voleftrangler Snr., Jan 3, 2006
    #7
  8. news.xtra.co.nz

    geopelia Guest

    Will pc-cillin 2005 stop the virus?
    geopelia, Jan 4, 2006
    #8
  9. news.xtra.co.nz

    Philip Guest

    geopelia wrote:
    > Will pc-cillin 2005 stop the virus?
    >
    >

    Not by itself, I shouldn't think. This is a real nasty that loads and
    installs itself if you look at a picture - anything from a graphic logo
    on a web page to a pic attached to an e-mail. In some circumstances it
    can load and instal with you doing anything at all beyond viewing a web
    page.

    Nasty indeed, and I have nothing but contempt for the dim dumbasses that
    devised and distributed it.

    Philip
    Philip, Jan 4, 2006
    #9
  10. news.xtra.co.nz

    Philip Guest

    Mr Undeniably Sluttish wrote:
    > On Wed, 04 Jan 2006 11:26:12 +1300, news.xtra.co.nz wrote:
    >
    >> Microsoft said a security patch would be available for the problem on
    >> Tuesday, January 10 after it has passed rigorous testing procedures

    >
    > And are those "rigorous testing procedures" the same ones that permitted
    > Micro$oft to describe WindozeXP as the "most secure version of Windows
    > ever"?
    >
    > Don't bother patching Windows. Dump it altogether. Change over to using
    > Linux!
    >
    >
    > Undeniably Sluttish
    >


    This is easy to say, much harder to do for many users, and impossible
    probably for many of them who just want to use a computer for what it
    can do for them and don't want to look under the hood.

    Linux is a fine and clever thing, though most of its documentation is
    appalling and the basic concepts are presented in ways unfriendly to
    many - perhaps most - computer users.

    But what you're saying is the equivalent of telling a man who's just
    blown the head gasket on his Holden that the answer to his problem is to
    rip out the Holden engine & put in a Toyota.

    Yeah, right.

    Philip

    (who regularly uses Ubuntu, Knoppix & Windows XP)
    Philip, Jan 4, 2006
    #10
  11. news.xtra.co.nz

    GraB Guest

    On Tue, 03 Jan 2006 23:14:36 GMT, bambam <>
    wrote:

    >-=rjh=- <> wrote in news::
    >
    >> anon k wrote:
    >>> Isn't it only Windows metafiles that are affected? Hardly anyone seems
    >>> to use those so they should be easy to avoid.

    >>
    >> Yes, but the exploit works on wmf files renamed to jpg and presented on
    >> websites - even as banners. Not so easy to avoid.

    >
    >Temporary fix available here-
    >
    >http://www.grc.com/sn/notes-020.htm


    I ran the checker file on my Win98SE setup and it came out as
    'invulnerable'.
    GraB, Jan 4, 2006
    #11
  12. news.xtra.co.nz

    Dave Doe Guest

    Dave Doe, Jan 4, 2006
    #12
  13. Philip wrote:
    > Mr Undeniably Sluttish wrote:
    >
    >> On Wed, 04 Jan 2006 11:26:12 +1300, news.xtra.co.nz wrote:
    >>
    >>> Microsoft said a security patch would be available for the problem on
    >>> Tuesday, January 10 after it has passed rigorous testing procedures

    >>
    >>
    >> And are those "rigorous testing procedures" the same ones that permitted
    >> Micro$oft to describe WindozeXP as the "most secure version of Windows
    >> ever"?
    >>
    >> Don't bother patching Windows. Dump it altogether. Change over to using
    >> Linux!
    >>
    >>
    >> Undeniably Sluttish
    >>

    >
    > This is easy to say, much harder to do for many users, and impossible
    > probably for many of them who just want to use a computer for what it
    > can do for them and don't want to look under the hood.


    I read about Linux one of the first days I had internet, just followed
    leads the way you do like a kid in an ideas shop, and there it was,
    something you could alter so it did things your way not MS's way which
    had annoyed me ever since I'd bought the computer.

    As it turns out I've no talent whatsoever for meddling "under the
    bonnet" but I still find Linux infinitely pleasanter to use. Not having
    to fret over worms and patches and viruses is a blessing worth the
    change-over IMO, unless you use programs that don't have good Linux
    equivalents. Some commercially available specialist programs are like
    that. Most of the others are available in Linux, but it's a matter of
    what suits you of course.

    I think Linux is the most suitable OS for ordinary household users. The
    support and documentation aren't necessarily great (mind you I'll
    never forget the first time I got one of those classic error messages
    which said in effect "ERROR - You have an error") but because it's such
    a community there are LUGs (Linux users' groups) in the cities, and you
    can join the mailing list and ask questions even if you can't make it to
    meetings. Then there are the innumerable online groups ditto, and heaps
    of info online.

    Most of the programs are not a whole lot different from Windows except
    in appearance and lay-out so changing over isn't a big hassle for most
    people.

    Anyway as I suggested in a previous post, the best way to work out if
    Linux is for the person who is considering changing over is to try one
    of the discs that run from the ordinary Windows CD drive and don't alter
    anything in your machine, but make the machine run (temporarily) as if
    it had Linux as its operating system. (No worries, as soon as you take
    the disc out it's back to Windows. If you decide to change to Linux, as
    a result of finding that you are comfortable with it during your
    try-out, you have to install it using a different disc [reassuring note
    for non-geeks].)

    >
    > Linux is a fine and clever thing, though most of its documentation is
    > appalling and the basic concepts are presented in ways unfriendly to
    > many - perhaps most - computer users.


    That's why the fact that it's a community thing is important.
    >
    > But what you're saying is the equivalent of telling a man who's just
    > blown the head gasket on his Holden that the answer to his problem is to
    > rip out the Holden engine & put in a Toyota.


    If it's an engine that is forever giving you grief you'd do well to see
    what was available at the wreckers' - could drop a new(ish) one in for
    $buggerall and save ongoing stresss!

    A L P




    >
    > Yeah, right.
    >
    > Philip
    >
    > (who regularly uses Ubuntu, Knoppix & Windows XP)
    Myftrefs Voleftrangler Snr., Jan 4, 2006
    #13
  14. news.xtra.co.nz

    Crash Guest

    Myftrefs Voleftrangler Snr. wrote:
    [snip]
    >
    > I don't know how people can bear to waste all that time on endlessly
    > downloading patches and finding yet another anti-virus program.
    >

    I, along with most users of XP spend zero time on this because Windows is
    updated automatically, along with most AV programs. While we may be vulnerable
    for a period until patches are downloaded and installed most of us simply never
    get attacked.
    > Ubuntu http://www.ubuntulinux.org/ will send free CDs! These comprise
    > one disc that you can use to just try out their version of Linux (i.e.
    > you can't save what you do, it lasts only as long as you are running
    > that disc, but you can see if the Linux programs would suit you) and
    > another for installing it on your computer. Anyone who is in doubt
    > would probably be wise to try out first. Linux has such a reputation for
    > being hard to use and only suitable for geeks, many windows users would
    > be nervous of the change-over unless they had had a good look at it first.
    >
    > Linux is the ideal operating system for non-geeks. It doesn't mess up,
    > and even if you mess up your own stuff you can't accidentally delete one
    > of the vital components that make the whole operating system work!


    I suspect quite a few people are averse to Linux also because they want to use
    the same OS at home that they have to use at work - they do NOT want to learn a
    new OS. Yes there are flavours of Linux that have the Windows look-and-feel (I
    am told) but I for one am not willing to invest the time to find out whether a
    Linux distro claiming to be just like windows is really as good as claimed.

    I have been using Windows since 1990 at work and at home (and DOS before that at
    work). My machines have never been affected adversely to my knowledge by any
    form of hack. I have always maintained prudently regular AV and Windows Update
    services and I simply cannot be bothered with any other OS at present.

    Crash.
    Crash, Jan 4, 2006
    #14
  15. news.xtra.co.nz

    bambam Guest

    GraB <> wrote in
    news::

    >>Temporary fix available here-
    >>
    >>http://www.grc.com/sn/notes-020.htm

    >
    > I ran the checker file on my Win98SE setup and it came out as
    > 'invulnerable'.


    That's the first time I've ever heard that said about Win98. ;)
    bambam, Jan 4, 2006
    #15
  16. news.xtra.co.nz

    Ashley Guest

    "Myftrefs Voleftrangler Snr." <b|> wrote in message
    news:...


    > I don't know how people can bear to waste all that time on endlessly
    > downloading patches and finding yet another anti-virus program.


    We don't. We let Windows automatic update do it for us while we're asleep
    :)

    --
    Ashley
    www.cattitude.co.nz
    Ashley, Jan 4, 2006
    #16
  17. On Wed, 04 Jan 2006 14:30:30 +1300, Philip wrote:

    > But what you're saying is the equivalent of telling a man who's just
    > blown the head gasket on his Holden that the answer to his problem is to
    > rip out the Holden engine & put in a Toyota.


    I'm suggesting that the person with the clapped out Holden should take it
    to the tip and replace it with the brand new Ferrari that has just been
    delivered free to his driveway.


    Undeniably Sluttish

    --
    "Simply opening the wrong Web page or receiving an e-mail with an errant
    image file could be enough to cripple your computer, thanks to a newly
    discovered vulnerability in the Microsoft Windows operating systems."
    Mr Undeniably Sluttish, Jan 4, 2006
    #17
  18. news.xtra.co.nz

    EMB Guest

    Mr Undeniably Sluttish wrote:

    > I'm suggesting that the person with the clapped out Holden should take it
    > to the tip and replace it with the brand new Ferrari that has just been
    > delivered free to his driveway.


    You are aware of how much it costs to service and fix a Ferrari aren't
    you. :p


    --
    EMB
    EMB, Jan 4, 2006
    #18
  19. On Wed, 04 Jan 2006 14:23:26 +1300, Philip wrote:

    > Nasty indeed, and I have nothing but contempt for the dim dumbasses that
    > devised and distributed it.


    I have nothing but contempt for the moron who left that vulnerability open
    for exploitation; and utter contempt for the clueless moron who decided
    that this exploit was not worth immediate and urgent attention.

    If you think that this standard of service is acceptable from a monopoly
    provider... then good luck to you - you'll need it!

    Undeniably Sluttish

    --
    "Simply opening the wrong Web page or receiving an e-mail with an errant
    image file could be enough to cripple your computer, thanks to a newly
    discovered vulnerability in the Microsoft Windows operating systems."
    Mr Undeniably Sluttish, Jan 4, 2006
    #19
  20. On Wed, 04 Jan 2006 12:45:27 +1300, Myftrefs Voleftrangler Snr. wrote:

    > many windows users would
    > be nervous of the change-over unless they had had a good look at it first.


    I know of Windoze users who are afraid of even *looking* at alternatives!
    :eek:(

    The migration path is simple:

    Take one Windoze box with Micro$oft Orafice intalled.

    Install Open Office. Change the default programmes over from Micro$oft
    Orafice to Open Office.

    Wait one month.

    Install Mozilla Firefox. Again change the default programmes over from
    Micro$oft Internet Virus Deployer to Mozilla Firefox. Remove the "e" from
    the desktop, the task bar, and the "Start" menu.

    Wair a further two months.

    Uninstall the now unused Micro$oft Office. Wait another month.

    Now completely trash the system, saving important data, and install your
    favourite distro of Linux, along with KDE, Open Office, Novell/Ximian
    Evolution, and Mozila Firefox.

    Most people in the corporate world would merely notice a change in
    desktop wallpaper and a few new icons at the bottom of the screen.


    Undeniably Sluttish

    --
    Free software on every PC on every desk.
    Mr Undeniably Sluttish, Jan 4, 2006
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. kpg
    Replies:
    42
    Views:
    1,155
  2. Evelina Onuchyna

    You Should Really Read This

    Evelina Onuchyna, Aug 3, 2003, in forum: Computer Support
    Replies:
    3
    Views:
    613
    Experienced but Undocumented
    Aug 3, 2003
  3. NIST.org
    Replies:
    38
    Views:
    1,461
  4. Au79
    Replies:
    0
    Views:
    443
  5. Au79
    Replies:
    1
    Views:
    467
    Fuzzy Logic
    Nov 30, 2007
Loading...

Share This Page