35 months ago
kayodeok : Mark's Sysinternals Blog: Inside the WMF Backdoor - In my opinion the backdoor is one caused by a security flaw and not one made for subterfuge. I sent my findings to both Steve and to Microsoft Monday morning, but because the issue continues to draw media attention I’ve decided to publicly document
35 months ago
kayodeok : Looking at the WMF issue, how did it get there? - This was a different time in the security landscape and these metafile records were all completely trusted by the OS. To recap, when it was introduced, the SetAbortProc functionality served an important function
35 months ago
kayodeok : The Windows MetaFile Backdoor? - (The Windows MetaFile) has the feeling of something that Microsoft deliberately designed into Windows. Given the nature of what it is, this would make it a remote code execution "backdoor."
35 months ago
kayodeok : Microsoft Security Bulletin MS06-001: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919) - Patching Time!
35 months ago
kayodeok : BREAKING NEWS! Microsoft's OFFICIAL SECURITY UPDATE leaked onto the Internet early (and it works great!) - The updated GDI32.DLL file contained in this patch, was built in the evening of December 28th, LAST WEDNESDAY. It is clear that Microsoft jumped on this problem - and had it resolved - almost immediately. But the nature of the installed base of Windows sy
35 months ago
kayodeok : Microsoft Statement Concerning Windows Meta File Vulnerability - Microsoft has completed development of a security update to fix the vulnerability and is now testing it for quality and application compatibility, with a goal of releasing the fix worldwide on Jan. 10
35 months ago
kayodeok : Jesper's Blog : Conscientious Risk Management and WMF - Conscientious Risk Management and WMF
35 months ago
kayodeok : The PC Doctor: WMF exploit - Quick Guide - WMF exploit - Quick Guide
35 months ago
kayodeok : SANS - Internet Storm Center - Updated version of Ilfak Guilfanov's patch - Ilfak Guilfanov has released an updated version of his unofficial patch for the Windows WMF issue. We have reverse engineered, reviewed, and vetted the version here
35 months ago
Andy Baio : Windows WMF vulnerability hotfix - possibly the worst Windows hole ever, affects all versions, and spreading fast; install this now, as even viewing an image can infect you
Rod Begbie : Hex blog: Windows WMF Metafile Vulnerability HotFix - INSTALL THIS! INSTALL THIS! INSTALL THIS! If you're running Windows? INSTALL THIS! [via]
35 months ago
kayodeok : Internet Storm Center on WMF Vulnerability: Trustworthy Computing - This is a bad situation that will only get worse. The very best response that our collective wisdom can create is contained in this advice - unregister shimgvw.dll and use the unofficial patch. You need to trust us.
35 months ago
kayodeok : WMF Vulnerability Checker - However, there is no safe way to tell if your system is vulnerable. Here is a small utility to address this problem. You can download it from the following link
35 months ago
kayodeok : WMF vulnerability: It's not a bug, it's a feature - Turns out this is not really a bug, it's just bad design. Design from another era
Rod Begbie : F-Secure : News from the Lab - It's not a bug, it's a feature - The currently-circulating Windows WMF exploit "probably affects more computers than any other security vulnerability, ever." Every PC running any version of Windows since 1990 -- even if fully patched -- is vulnerable!
deusx : F-Secure : News from the Lab - January of 2006 - "'The WMF vulnerability' probably affects more computers than any other security vulnerability, ever."
Nelson Minar : WMF hole intentional - An image format designed to run arbitrary code. (via Hot Links)
35 months ago
kayodeok : Overview of the WMF related articles at the Internet Storm Center - Since this is one of the more complex stories to follow I've made a quick overview of the WMF issues.
35 months ago
kayodeok : WMF Vulnerability: From extreme to in depth - Suppose you are basically just not capable of accepting the risk associated with the WMF vulnerability, almost no matter what you break. In such a case you have big avenues to walk: Ban Microsoft products in your environment
35 months ago
kayodeok : SANS - Internet Storm Center - WMF Frequently Asked Questions (FAQ) - The WMF vulnerability uses images (WMF images) to execute arbitrary code. It will execute just by viewing the image. In most cases, you don't have to click anything. Even images stored on your system may cause the exploit to be triggered if it is indexed by
cobra libre : WMF exploit FAQ - read this if you use windows
Simon Willison : SANS WMF Exploit FAQ - This is really good.