beware Microsoft Windows Metafile Handling Buffer Overflow

[Karen]

Date: Tue, 3 Jan 2006 07:45:41 -0800
To: "DL.STAFF.ALL"
Subject: Good Morning - Information on the "Microsoft Windows Metafile Handling Buffer Overflow"

Good Morning, everyone, and welcome back.

Over the vacation, you may have heard through the news about a new Windows vulnerability that can leave your computer open to various "cracker" attacks. The vulnerability is named the," and here's US CERT's description:

Microsoft Windows is vulnerable to remote code execution via an error
in handling files using the Windows Metafile image format. Exploit
code has been publicly posted and used to successfully attack
fully-patched Windows XP SP2 systems. However, other versions of the
the Windows operating system may be at risk as well.

In a nutshell, this means that a maliciously crafted image can infect and compromise your computer. What's particularly scary about this exploit is that you don't need to "execute" or run a program on your computer - it can be infected just by looking at an "infected" image! This "infection" can be spread by email, instant messaging, even viewing an infected image on a website. It should also be noted that, as of the writing of this email, there is no patch from Microsoft to fix this exploit.

On our end, our email servers were automatically updated over the winter break to block emails containing this exploit. However, as you can imagine, this is not enough to completely protect our network, and until Microsoft issues a patch, there is little else we can do from our end.

So, what can you do to make sure that you don't get infected? Here's CERT's recommendation:

Attackers may host malicious Windows Metafiles on a web site. In order
to convince users to visit their sites, those attackers often use URL
encoding, IP address variations, long URLs, intentional misspellings,
and other techniques to create misleading links. Do not click on
unsolicited links received in email, instant messages, web forums, or
internet relay chat (IRC) channels. Type URLs directly into the
browser to avoid these misleading links. While these are generally
good security practices, following these behaviors will not prevent
exploitation of this vulnerability in all cases, particularly if a
trusted site has been compromised or allows cross-site scripting.

Basically, just keep practicing good, safe computing habits. Don't open suspicious emails, don't visit strange websites, and don't click on any unsolicited weblinks. This is good advice at any time, but especially now as we wait for Microsoft to issue a patch. Unfortunately, we don't know when a patch will be available as Microsoft has not announced this yet.

Also, if you're using a Mac or Linux computer, you're fine - this exploit only affects Microsoft Windows.

We'll be sure to keep you informed as we receive any new information. If you have any questions or concerns, please reply to myself or Computing Services directly. Thanks in advance for your cooperation!


Regards,

Mark Linford
Internet Services Specialist
Santa Rosa Junior College

[gandalf]

I just found out that M$ did just put out a patch on this. Please use update now.

[Karen]

thank you very much.

I just found out that M$ did just put out a patch on this. Please use update now.

[Karen]

there's a link to the patch in this article

https://www.internetnews.com/security/article.php/3575461

thank you very much.