Camdog
Joined: 08 Aug 2003 Posts: 606
|
Posted: Tue Jan 03, 2006 8:03 am Post subject: Nasty Windows virus making the rounds |
|
|
Hey guys. Sorry this isn't OHR-related, but I thought it would be a good idea to spread the word about this.
A bunch of hackers recently published an exploit in the way Windows handles displaying .wmf files. This is a really nasty exploit that can dump a whole bunch of nasty stuff on your machine just by viewing a picture. F-Secure says, "The potential [security threat] is huge. It’s probably bigger than for any other vulnerability we’ve seen. Any version of Windows is vulnerable right now."
Worse, it's a zero-day exploit, so Microsoft hasn't released a fix yet. In other words, even if your machine is fully patched and updated, it's still vulnerable. There are, however, a few things you can do.
First, there is an unsupported patch out there. It's quick and dirty, so it may cause some problems with other programs, but it's easy to uninstall if you're having problems and now it's the only sure way to protect your machine from this exploit. Get it here. Test it here. I use it, and I'm doing great!
If you're nervous about installing that (although I highly recommend that you do), there's another workaround that involves disabling a relevant dll. Instructions on how to do that are found here. Remember, this only prevents the most common way for the exploit to work from working, so while it's better than nothing, the patch is still better.
And also remember, this only prevents the exploit from dumping malware on your system. If malware is already there, you'll need to remove it through other means. Always run good anti-virus and anti-spyware programs! Good luck! |
 |
Phil Arts Manipulating himself since the beginning

Joined: 14 Jul 2004 Posts: 251
|
Posted: Thu Jan 05, 2006 6:58 am Post subject: |
|
|
Quote: | This is a really nasty exploit that can dump a whole bunch of nasty stuff on your machine just by viewing a picture. |
This actually happened to me once on my aunt's computer last summer. |
 |
beau_rl Go-Goren Ishii

Joined: 06 Jul 2004 Posts: 32 Location: Australia
|
Posted: Thu Jan 05, 2006 4:31 pm Post subject: |
|
|
This happened to me, and it installed something called "SpyAxe" on my computer.
The patch worked very well for me. |
 |
MultiColoredWizard Come back, baby! The Breastmaster

Joined: 01 Feb 2003 Posts: 1232
|
Posted: Fri Jan 06, 2006 5:08 am Post subject: |
|
|
So how exactly do you get code to execute in an image? |
 |
Moogle1 Scourge of the Seas Halloween 2006 Creativity Winner


Joined: 15 Jul 2004 Posts: 3377 Location: Seattle, WA
|
Posted: Fri Jan 06, 2006 9:00 am Post subject: |
|
|
By writing a really crappy combination of OS/web browser.
It's a security flaw that only occurs running IE under XP. The rest of you should be safe. Meanwhile, Microsoft HAS released a patch now, so if you're running XP, you should get that ASAP. |
 |
jabbercat Composer

Joined: 04 Sep 2003 Posts: 823 Location: Oxford
|
Posted: Fri Jan 06, 2006 9:44 am Post subject: |
|
|
I was under the impression that it exploits nearly all of the win OSes, but I could be wrong. Has Microsoft released an official report on the virus? _________________ Moogle no longer owes prizes. |
 |
Moogle1 Scourge of the Seas Halloween 2006 Creativity Winner


Joined: 15 Jul 2004 Posts: 3377 Location: Seattle, WA
|
Posted: Fri Jan 06, 2006 10:25 am Post subject: |
|
|
Yeah, I'm going off of what I read on Slashdot. I could be wrong about the OS deal, but I'm pretty sure it's XP-exclusive. I'm certain it's IE-exclusive, though, which means everyone I know will be unaffected. |
|
 |
jabbercat Composer

Joined: 04 Sep 2003 Posts: 823 Location: Oxford
|
Posted: Fri Jan 06, 2006 1:47 pm Post subject: |
|
|
In that case: Whoop!
I'm a big fan of Firefox, although it's a little too CPU intensive. It's fine on my home comp, but I wouldn't use it on a workstation, others might be more efficient. _________________ Moogle no longer owes prizes. |
 |
TMC On the Verge of Insanity
Joined: 05 Apr 2003 Posts: 3240 Location: Matakana
|
Posted: Fri Jan 06, 2006 3:32 pm Post subject: |
|
|
Yeah. I'm a Firefox fan, but it's a bit buggy. Too many memory leaks. _________________ "It is so great it is insanely great." |
 |
Camdog
Joined: 08 Aug 2003 Posts: 606
|
Posted: Sat Jan 07, 2006 3:48 pm Post subject: |
|
|
Moogle: I'm afraid you're wrong on both counts. It exploits all modern Windows systems and will work regardless of the browser you're using. This is because the exploit is related to neither the operating system nor the browser, but the file format itself.
.wmf is an old format that was written before people thought about network security too much. The coders thought it would be neat to allow .wmf files to launch code, so the exploit didn't find a bug, rather it uses a 'feature' of .wmf files. So yeah, be careful guys. Get the patch (official, now that it's out.) |
 |
TMC On the Verge of Insanity
Joined: 05 Apr 2003 Posts: 3240 Location: Matakana
|
Posted: Tue Jan 10, 2006 6:00 am Post subject: |
|
|
A great deal of the security holes in Windows are due to unsecure features someone thought would be "cool" - Half these exploits just attach viruses to the built-in "run foreign code" feature. Remember email viruses that run as soon as they enter your inbox? _________________ "It is so great it is insanely great." |
 |
Mike Caron Technomancer

Joined: 26 Jul 2003 Posts: 889 Location: Why do you keep asking?
|
Posted: Tue Jan 10, 2006 8:56 am Post subject: |
|
|
You know, the very fundamental aspect of how Windows works is flawed (no, I'm not talking about the concept of Windows). See, windows (plural of window) do things by sending "messages" to each other. When you click on a button, a message is sent to the window corresponding to the button (a window is not just the program windows. Everything visible has a window) telling it of that fact, and so forth.
The issue is that there's a message that tells that window (and the corresponding program) to execute a pointer (a pointer is just a reference to a place in memory). That in itself is dangerous, or at least self destructive, but then messages are anonymous. Any program can send any window a message. So, if Johnny C. Haxor writes a virus that sends Norton a message with code to shut itself down, oopz. _________________ I stand corrected. No rivers ran blood today. At least, none that were caused by us.
Final Fantasy Q
OHR Developer BLOG
Official OHRRPGCE Wiki and FAQ |
 |
FyreWulff Still Jaded

Joined: 02 Apr 2005 Posts: 406 Location: The Internet
|
Posted: Fri Jan 13, 2006 5:00 am Post subject: |
|
|
Moogle1 wrote: | Yeah, I'm going off of what I read on slashdot. I could be wrong about the OS deal, but I'm pretty sure it's XP-exclusive. I'm certain it's IE-exclusive, though, which means everyone I know will be unaffected. |
I used to read Slashdot but they're too extreme and slanted anti-Windows to even be relevant anymore. They just go for any jab they can get, and a lot of times they're even disproved right in the comments under the article.
The actual exploit is in how WMF works. The exploit was a buffer overrun in the function that executes the filetype's associated program, so any program that interprets WMF (i.e., Irfanview) was affected. Basically it made Windows think WMFs were a/wanted to run an EXE. |
 |
Blue Pixel SPY SAPPIN MAH FISH SANDWICH

Joined: 22 Apr 2005 Posts: 621
|
Posted: Fri Jan 13, 2006 8:32 pm Post subject: |
|
|
There is only one thing we can do to stop them. Blast their motha fucking heads off. |
 |
LeRoy_Leo Project manager Class S Minstrel

Joined: 24 Sep 2003 Posts: 2683 Location: The dead-center of your brain!
|
Posted: Fri Jan 13, 2006 11:58 pm Post subject: |
|
|
If we can find them, you do that. It would be a big favor. _________________ Planning Project Blood Summons, an MMORPG which will incinerate all of the others with its sheer brilliance...
---msw188 ---
"Seriously James, you keep rolling out the awesome like gingerbread men on a horror-movie assembly line. " |