Windows Metafile Vulnerability

• FireIce

  3 Jan 06, 11:38

  The Windows Metafile vulnerability is a vulnerability in Microsoft Windows which was first disclosed on Bugtraq on 27 December 2005, and subsequently used in a variety of exploits. The vulnerability, located in gdi32.dll, arises from the way in which Windows operating systems handle Windows Metafile (WMF) vector images, and permits arbitrary code to be executed on affected computers without the permission of their users. Windows versions from Windows 98 to Windows Server 2003 R2 are known to be vulnerable to the exploit, while versions as old as Windows 3.0 are probably also vulnerable. Exploits of this vulnerability are thus among the very few examples of genuine drive-by download.
  
  Computers that are not running the Windows operating system are not affected. However, operating systems that have third-party programs or libraries that allow the execution of WMF files on non-Windows systems, are potentially vulnerable.
  
  for more info, pls refer to wiki
• lpx88

  3 Jan 06, 16:08

  why post same issue
  
  http://www.sgforums.com/?action=thread_display&thread_id=172214
  
  
• ndmmxiaomayi

  3 Jan 06, 16:12

  Should it be closed?
  
  
• lpx88

  3 Jan 06, 16:19

  nvm don close la
• ndmmxiaomayi

  3 Jan 06, 16:19

  So delete is it? Got same thread leh...
  
  
• lpx88

  3 Jan 06, 16:29

  Originally posted by ndmmxiaomayi:

  So delete is it? Got same thread leh...
  
  

  no need la...dis 1 add extra info
• ndmmxiaomayi

  3 Jan 06, 16:42

  I don't mind though, add extra ratings for us
  
  Haha
• FireIce

  9 Jan 06, 13:50

  Microsoft Releases Security Update to Fix Vulnerability in Windows
  
  Previously, Microsoft had announced that an update for the Windows Meta File (WMF) vulnerability was in development and scheduled for release with the monthly updates on Tuesday, 10 January 2006, once quality and application compatibility testing was completed. The development and testing teams have put forth a considerable effort to address this issue and respond to the strong customer sentiment that the release should be made available as soon as possible. As a result, the testing process has been completed earlier than expected and the security update is ready for release today, Friday, 6 January 2006.
  
  The security update, MS06-001 has been available for download from the main Microsoft website (http://www.microsoft.com) since 6:00am Friday, 6 January 2006 Singapore local time.
  
  Actions Required
  
  Customers who are using Windows Server Update Services (WSUS) will receive the update automatically. In addition, the update is supported by Microsoft Baseline Security Analyzer (MBSA) 2.0, Systems Management Server (SMS), and Software Update Services (SUS). Customers can also manually download the update from the Download Center at http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx. They should review MicrosoftÂ’s Security Advisory #912840 for up-to-date guidance on how to prevent attacks through exploitation of the WMF vulnerability. To provide customers with deployment guidance on MS06-001 and to answer any questions, Microsoft will hold a special Web cast on Saturday, 7 January 2006.
  Customers can sign up for the Web cast at http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032288647&Culture=en-US.
  
  Consumers who use Automatic Updates will receive the update automatically and do not need to take any additional actions. Consumers can also manually download and deploy the update by visiting Microsoft Update or Windows Update.Consumers can also get more information at http://www.microsoft.com/athome/security. They should follow the guidance on safe browsing at: http://www.microsoft.com/athome/security/online/browsing_safety.mspx.
  
  Contact the Singapore Microsoft Customer Service at 800 852 3543 (toll-free) if you encounter any problems with the update.
  
  Microsoft will continue to monitor attack data, which has thus far indicated that the attacks exploiting this vulnerability are limited, and mitigated by efforts to shut down malicious web sites, as well as with up-to-date signatures from anti-virus solutions. In addition to deploying MS06-001, users should always take care not to visit unfamiliar or untrusted Web sites that could potentially host the malicious code.
  
  The intentional use of exploit code, in any form, to cause damage to computer users is a criminal offense. Accordingly, Microsoft continues to assist law enforcement with its investigation of the attacks in this case.
  
  Finally, Microsoft will still release security updates on Tuesday, 10 January 2006 as part of its regularly scheduled release of security updates. Customers can find out more information about that release at:http://www.microsoft.com/technet/security/bulletin/advance.mspx.
  
  Please do not hesitate to let me know if you have any questions. Thanks!
  
  Best Regards
  
  Microsoft Singapore Security Team
  
  Helpline: 800 852 3543 (toll-free)
  Operating Hours:
  Monday - Friday 8:30am - 7:00pm
  Saturday 10:00am - 2:00pm
  (Except Public Holidays)
  
  For online assistance, visit: http://go.microsoft.com/?linkid=4307887