Important Note to Windows Users

[+ deej]

Today, Microsoft released a new security update (off-schedule from their monthly updates) due to a particularly bad exploit that is floating around the internet. Go to Windows Update and scan for available updates. (Windows Update is on the Tools menu in Internet Explorer.)

 

This one is particularly bad because you don't have to open anything to trigger it. If you're using an indexing service (such as Google Desktop), the indexing service will trigger it as soon as it gets indexed.

 

I don't normally put out warnings like this, but this one has the potential to be really damaging.

[Boston Guy]

Good note. I just wanted to mention that the fix available today is only valid for XP (SP1 and SP2). Other fixes will be available later, probably on Tuesday.

 

Also, Microsoft announced today that they don't think that users of Windows 98 and ME face the same threat level... which is sort of surprising. My own take is that they are gearing up the process of explaining why they are not going to release a patch for those OS's, which might be yet another nail in the coffin of 98.

 

BG

[+ deej]

Actually, it's XP (SP1 and 2) 32 and 64-bit, as well as Windows Server 2003 and Windows 2000. But good point. It's only the NT-based OSs.

 

9x and ME are pretty much orphaned.

 

But did you know even XP/Home falls out of "standard support" at the end of 2006? And since it's a "home" product there's no extended support.

 

Get ready for the marketing blitz for Vista. This will make the push for Win95 look like a minor campaign.

[+ deej]

Oh, and when you think about it Win9x and WinME users are less likely to have the latest versions of Media Player which is, I think, where the flaw is. It sorta makes sense they'd be less succeptible.

 

The major exception to that, though, is the porn-watching crowd. (You know who you are! ;-)) We're likely to have some of them here so it's good to have them at least aware, even if a fix isn't available.

 

The virus scanning people are all over this one, too, which is probably where help will come for the "Vintage Windows" group.

[Boston Guy]

Huh. I already applied the patch earlier, but the account I read in (I think) CNet said it was only releasing the XP SP1 and SP2 patches today, with the rest to follow. I just checked, though, and you are correct.

 

Just goes to show that you can't believe everything you read... except here, of course. :+

 

BG

[OneFinger]

Here's what they sent out at work concerning this:

 

On Tuesday, December 27, 2005, Microsoft notified our Security Information and Analysis Center (SIAC) of public reports that malicious attacks on some of their customers’ computers involved previously unknown security vulnerability in the Windows Meta File (WMF) code area of the Windows platform. This previously unknown vulnerability affects all recent versions of Windows platforms, and on January 10 Microsoft will be releasing a security update that will fix this vulnerability.

 

Until the release of the security update, the SIAC will be trying to limit our exposure to any malicious attacks. In the meantime, the SIAC has taken several steps to protect the network including the following.

 

The internet proxy is blocking all known malicious Web sites that exploit this vulnerability to prevent the accidental access of a Trojan-enabled Web site.

 

The proxy is also being updated regularly to block the newest malicious Web sites.

 

All e-mails containing ".WMF" file attachments have been blocked from entering our e-mail system.

 

The anti-virus software has been updated with newest virus signatures. It is vital that users check to insure the virus version on their computer is 1/2/2006 or later and that the scan engine is 9.0 or later. Users can check by double clicking the icon in the system tray at the bottom of the screen. If necessary, a user can perform a manual update.

 

Users are asked to refrain from checking personal e-mail accounts (e.g., Hotmail, Earthlink, etc.) from the work because this is a potential source of infection.

 

As more viruses are discovered the SIAC will continue to take steps to block them. Users will receive the monthly “Reboot Wednesday” reminder next week and are asked reboot their computers on January 11 to implement Microsoft’s security update released on January 10.

 

Sounds like a very serious threat so everyone should practice "safe hexing".

 

-------------

"We need to have more respect for each other. Things have just gone really crazy, out of control. ... We're on a very weird kind of cycle." Stevie Wonder

[+ deej]

The update page is here:

 

http://www.microsoft.com/technet/security/bulletin/ms06-001.mspx

 

When people can get information from the horse's mouth, why should anyone pay attention to us?

 

(Boy am I resisting the "other end of the horse" joke! LOL)

[+ deej]

>All e-mails containing ".WMF" file attachments have been

>blocked from entering our e-mail system.

 

Just curious ... do they also block .ZIP, .TAR, and .RAR extensions? Either form of archive could contain one of these critters.

 

You'd be surprised how many email systems won't allow a .EXE attachment, but will allow the same .EXE in a .ZIP file! Or in a .ZIP file renamed with a .TXT extension.

 

As I said, the real danger in this one is that it can be triggered without your doing anything. You may have an indexing service installed and not even know it. Piggyback installs are common these days. Try to install quicktime from Apple, and you'll likely get ITunes too. MANY installers also install the (MSN|Google|Yahoo|AOL|Whoever) toolbar and/or indexing service.

 

Right when the industry needs to get a grip and be more responsible, it isn't.

 

SOAPBOX OFF

[OneFinger]

>Just curious ... do they also block .ZIP, .TAR, and .RAR extensions? Either form of archive could contain one of these critters. You'd be surprised how many email systems won't allow a .EXE attachment, but will allow the same .EXE in a .ZIP file! Or in a .ZIP file renamed with a .TXT extension.

 

.ZIP, .TAR, .RAR et.al have been blocked for at least two years. They also routinely scan all computers on their network to ensure the PCs DON'T even have WinZip or similar programs installed.

 

Flash memory devices, portable hard drives, floppy disks, and even personal CDs are not allowed on company property. They also have disabled the ability for people to sync up their PDAs with their work (Outlook) calendar. So, in order to have a functional PDA, I have to manually re-enter meetings, appointments, and similar things into my PDA.

 

I actually worked for one company that fired any employee who intentionally or accidently introduced a virus onto the network. And this was not an idle threat because I know a half dozen employees who lost their jobs over an innocent mistake.

 

-------------

"We need to have more respect for each other. Things have just gone really crazy, out of control. ... We're on a very weird kind of cycle." Stevie Wonder

[+ deej]

>So, in order to have a functional PDA, I have to manually re-enter

>meetings, appointments, and similar things into my PDA.

 

While I can understand this, it's unfortunate overkill. It's a controllable situation without making the IT infrastructure hostile to your doing normal business.

 

But I can see why they'd do it. It's a business tradeoff over where they invest their time and money.