Tag: WMF

MS06-001: Windows Meta File (WMF): Early Release of Patch

Summary
=======
Important Information for Thursday 5 January 2006

Microsoft announced that it would release a security update to help protect customers from exploitations of a vulnerability in the Windows Meta File (WMF) area of code in the Windows operating system on Tuesday, January 2, 2006, in response to malicious and criminal attacks on computer users that were discovered last week.

Microsoft will release the update today on Thursday, January 5, 2006, earlier than planned.

Microsoft originally planned to release the update on Tuesday, January 10, 2006 as part of its regular monthly release of security bulletins, once testing for quality and application compatibility was complete. However, testing has been completed earlier than anticipated and the update is ready for release.

In addition, Microsoft is releasing the update early in response to strong customer sentiment that the release should be made available as soon as possible.

Microsoft’s monitoring of attack data continues to indicate that the attacks are limited and are being mitigated both by Microsoft’s efforts to shut down malicious Web sites and with up-to-date signatures form anti-virus companies.

The security update will be available at 2:00 pm PT as MS06-001.

Enterprise customers who are using Windows Server Update Services will receive the update automatically. In additional the update is supported Microsoft Baseline Security Analyzer 2.0, Systems Management Server, and Software Update Services. Enterprise customers can also manually download the update from the Download Center.

Microsoft have released the patch for this vulnerability earlier than expected. Make sure you have your automatic updates switched on (for those that have it) or go off to the site to perform a manual update if need be.

There is no immediate rush to go get the patch, but I would do it as soon as possible.

Update: 18:40 6th Jan 2006

ZDNet reports that all applications launched inside Wine will be vulnerable to this exploit.

See the article here.

Windows Meta File (WMF)

Be warned that there is a new nasty out in the wild. But contrary to the same old rumour mill, if you practice good internet usage (or safe internet practices) then you won’t be at risk from attack.

The following is an excerpt from the advisory from Microsoft. Click the link to visit and read the full article and any updates.

Microsoft Security Advisory (912840): Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution.

What is the scope of the advisory?
Microsoft is aware of a new vulnerability report affecting the Graphics Rendering Engine in Microsoft Windows. This vulnerability affects the software that is listed in the “Overview” section.
Is this a security vulnerability that requires Microsoft to issue a security update?
Yes, Microsoft has confirmed this vulnerability and will include the fix for this issue in an upcoming security bulletin.
What causes the vulnerability?
A vulnerability exists in the way specially crafted Windows Metafile (WMF) images are handled that could allow arbitrary code to be executed.
What is the Windows Metafile (WMF) image format?
A Windows Metafile (WMF) image is a 16-bit metafile format that can contain both vector information and bitmap information. It is optimized for the Windows operating system.

For more information about image types and formats, see Microsoft Knowledge Base Article 320314. Additional information about these file formats is also available at the MSDN Library Web site.

To be at risk from this vulnerability you would need to visit a site that was specifically created (or altered) to use a special WMF file or open up an email with such an image in it. So if you visit sites you don’t know or trust, or open emails from the same, you are asking for trouble and not just from this new vulnerability. Go Google for safe web practices !!!