Thursday, December 29, 2005

Windows Metafile Flaw getting more serious!

Microsoft's bulletin confirms that this vulnerability applies to all the main versions of Windows: Windows ME, Windows 2000, Windows XP and Windows 2003. Microsoft and CERT.ORG have issued bulletins on the Windows Metafile vulnerability: http://www.microsoft.com/technet/security/advisory/912840.mspx
http://www.kb.cert.org/vuls/id/181038
It's a good idea to use the REGSVR32 workaround, which is listed inside the MS bulletin mentioned above, while waiting for a patch. And finally, you might want to start to filter these domains at your corporate firewalls too. Please don't visit them!
toolbarbiz[dot]
biztoolbarsite[dot]
biztoolbartraff[dot]
biztoolbarurl[dot]
bizbuytoolbar[dot]
bizbuytraff[dot]
biziframebiz[dot]
biziframecash[dot]
biziframesite[dot]
biziframetraff[dot]
biziframeurl[dot]biz .
I'm going to stop notifying you with all these addresses as this list seems to become larger and larger every hour. So use your anti-virus programs and check regularly for a patch or use the workaround from Microsoft. At this moment the WMF exploit is only being used to install spyware or fake anti-malware software on the affected machines. I'm wondering when we will see some other malware like viruses using this distribution method...