Content

WMF flaw to be patched this month

This month's "patch Tuesday" bulletin from Microsoft will feature a security update for the recently exploited Windows Meta File vulnerability.

The Redmond, Wash., company said Tuesday that it does not believe the scope of attacks on the flaw - which can result in PC shutdown - are widespread, adding that "customers who follow safe browsing best practices are not likely to be compromised by any exploitation of the WMF vulnerability."

"Microsoft has been carefully monitoring the attempted exploitation of the WMF vulnerability since it became public last week, through its own forensic capabilities and through partnerships within the industry and law enforcement," the company said in a statement. "Although the issue is serious and malicious attacks are being attempted, Microsoft's intelligence sources indicate that the scope of the attacks is not widespread. In addition, anti-virus companies indicate that attacks based on exploiting the WMF vulnerability are being effectively mitigated through up-to-date signatures."

Last week, the U.S. Computer Emergency Readiness Team and security firms warned that malicious users had set up attack websites to exploit the image vulnerability, from which they could execute arbitrary code, cause a denial of service condition or take complete control of an infected PC.

F-Secure said on Tuesday that code design from the 1980s is to blame for the vulnerability. The vulnerability exists on all Windows platforms, but only XP and 2003 are easily exploitable, the firm said.

"When Windows metafiles were designed in the late 1980s, a feature was included that allowed the image files to contain actual code. This code would be executed via a callback in special situations. This was not a bug; this was something that was needed at the time. This function was designed to be called by Windows if a print job needed to be canceled during spooling," the firm said.

The firm also warned of spoof emails pretending to be from the State Department or wishing users a happy new year. Numerous security experts recommended users consider unofficial patches that had been made available, such as one at https://www.hexblog.com.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.