Microsoft has just released its official patch for the WMF 0-Day. In the Microsoft Security Bulletin MS06-001, Microsoft states in its executive summary:
This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
Note This vulnerability is currently being exploited and was previously discussed by Microsoft in Microsoft Security Advisory 912840.
If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
We recommend that customers apply the update immediately.
There is a lot of public information available right now on the WMF Exploit and workaround patches. This article will attempt to answer some basic questions surrounding the WMF Exploit and those patches, including why Microsoft is waiting to release their official patch on January 10th, and rumors of an early MS patch Internet leak.
- What is WMF?
Microsoft defines WMF as the Windows Metafile, a 16-bit metafile image format containing both vector and bitmap data.
- What is the issue with WMF?
A WMF image differs from other image formats in that it can call external procedures, one of which can execute code.
- How can I get the WMF Exploit?
The answer varies right now, but one thing is certain: you can get the exploit by visiting an infected web page. Others suggest it can arrive through email attachments, instant messaging, Lotus Notes, and the list goes on.
There is a new danger floating around the Internet right now: a zero-day exploit taking advantage of the Windows Metafile (WMF) format. It's not limited to WMF files; it is taking the shape of images as well. This exploit is currently billed as the worst infection in history. It can hide rootkits, and it can even hide itself.
This is not a joke.
Many antivirus companies cannot detect this malware at present. Microsoft is not responding fast enough. There is currently no known way to detect if your system has been infected. However, don’t let this stop you from applying two specific workaround patches.
Read the following two articles and install the “Windows WMF Hotfix” followed by de-registering the file “shimgvw.dll”. Then reboot. Now, wait with the rest of us for Microsoft and antivirus companies to officially patch this vulnerability and detect/clean it.
– Install the WMF Hotfix
– De-register the “shimgvw.dll” file