Linked by Thom Holwerda on Wed 4th Jan 2006 22:45 UTC
Windows The saga around the WMF flaw in Windows continues. "A cryptographically signed version of Microsoft's patch for the Windows Metafile vulnerability accidentally leaked onto the Internet late Tuesday, adding a new wrinkle to the company's round-the-clock efforts to stop the flow of malicious exploits. The MSRC (Microsoft Security Response Center) acknowledged that a slip-up caused 'a fast-track, pre-release version of the update' to be posted to a security community site and urged users to 'disregard' the premature update."
Thread beginning with comment 81908
To read all comments associated with this story, please click here.
Overblown
by Tom K on Thu 5th Jan 2006 01:49 UTC
Tom K
Member since:
2005-07-06

This is getting overblown. If you don't come in contact with WMF files, you're safe.

You know, I have to say that in my 5 years of using XP, I have *never* seen or used a WMF file, let alone had one sent to me. It looks like the pro-open source sites are all over this, yet the IRC channels are not even seeing a whimper about it.

Reply Score: -3

v RE: Overblown
by Anon on Thu 5th Jan 2006 02:02 in reply to "Overblown"
RE[2]: Overblown
by Tom K on Thu 5th Jan 2006 02:19 in reply to "RE: Overblown"
Tom K Member since:
2005-07-06

Yeah? And how exactly are you going to do that? Short of this and my own site, I don't read any other forums.

In any case, Opera on my Windows box is set up not to load any images anyway. Windows = gaming, encoding.

Reply Parent Score: 0

RE: Overblown
by diegocg on Thu 5th Jan 2006 02:27 in reply to "Overblown"
diegocg Member since:
2005-07-08

You know, I have to say that in my 5 years of using XP, I have *never* seen or used a WMF file, let alone had one sent to me.


....maybe because the bug was discovered two weeks ago?

In case you don't get it, virus creaters will start using it today even if nobody in the whole world had created a WMF file in 10 years. Windows supports it. It's everything you need to get a worm working. Actually, the fact that nobody uses WMF makes it worse: nobody knows what WMF files do, so it'll be much easier to deceive users.

Edited 2006-01-05 02:30

Reply Parent Score: 2

RE: Overblown
by Sollord on Thu 5th Jan 2006 03:24 in reply to "Overblown"
Sollord Member since:
2006-01-05

This is hardly over blown. I've had norton popup about 10times because websites and some web ads have this exploit in them.

Reply Parent Score: 1

RE[2]: Overblown
by cwdrake on Thu 5th Jan 2006 03:47 in reply to "RE: Overblown"
cwdrake Member since:
2005-08-09

I talked to Symantec tech support today. They are having problems with lots of false positive detections on this. it is possible that the files you are seeing detected are not actually malicious.

Reply Parent Score: 1

RE: Overblown
by hal2k1 on Thu 5th Jan 2006 04:50 in reply to "Overblown"
hal2k1 Member since:
2005-11-11

You do realise that black hats can give a malicious wmf file another extension (such as gif or jpg) and your Windows security hole will still be exposed, don't you?

Reply Parent Score: 1

RE: Overblown
by Snifflez on Thu 5th Jan 2006 06:19 in reply to "Overblown"
Snifflez Member since:
2005-11-15

"This is getting overblown. If you don't come in contact with WMF files, you're safe."

False. WMF files may masquerade as seemingly legitimate image files by using a different extension. Ignorance is not a point of view, troll.

Reply Parent Score: 2