MWT logo
MWT logo MadWolf Technologies
Home | Careers | Site Map | Contact
header end
MWT logo nav end
MWT logo space space
left_thoughts.jpg
Urgent: Critical Security Issue

Our clients enjoy alerts, notices and updates such as the following:
 

January 2, 2006 

 

Dear Valued Clients,

Greetings and Happy New Year to all.  This is a "3S" alert - Short, Sweet and Serious!

A new vulnerability in the Windows Operating system has been identified and there are active exploits already being distributed via email.  Here are the facts:

  1. The exploit affects all flavors of the Windows Operating System.
  2. Microsoft has NOT yet issued a patch even though viruses are already being distributed via this exploit.  It is said that Microsoft may not release a fix for another week.
  3. The virus can be distributed simply by viewing an image attachment or, rather, what appears to be an image attachment.  ** This is a new and dangerous twist**

A third party patch to protect computers from this exploit has been developed and SANS ISC and F-Secure are recommending that Windows users install this patch as a temporary fix until Microsoft releases and official patch.  We are recommending that our clients install this patch on all Windows 2000 and XP computers.  Note that the patch has not been certified for Windows 95/98/NT.

Some important points to remember:
  • AntiVirus software is NOT guaranteed to recognize and delete this exploit or a virus transmitted via this exploit.
  • Users must be reminded not to open attachments that they don't expect or recognize.  Even then, caution must be exercised.

The highest-profile exploit so far is a virus-laden email with the subject "Happy New Year" and an image attachment "HappyNewYear.jpg".  However, this file is not an image file, it is a Windows Metafile (WMF)  named with a JPG extension.  If the file is opened on an unpatched PC, the virus payload will be distibuted.  Again, this is a new twist, as users are generally trusting of files they believe to be images.  This trust can longer be maintained.  Please educate your users on the importance of this.

If you have Windows PCs in your office, it is crucial that you read about the exploit here:

http://www.computerworld.com/securitytopics/
security/holes/story/0,10801,107420,00.html

You can download the third-party patch from here:

http://www.hexblog.com/2005/12/wmf_vuln.html

A caveat: This patch has been through testing and we have observed no ill effects at MWT.  However, it should be treated as a temporary solution to an urgent issue and can be uninstalled if problems arise.  The patch will show under the "Add/Remove Programs" area in Control Panel and is identified as "Windows WMF Metafile Vulnerability HotFix 1.x".

Please contact us if you have any questions.
[ Back ]
space space space
space