New Windows image file virus threat discovered
16 January 2006, REDMOND, WASHINGTON - A gaping new hole has been discovered in the Microsoft Windows operating system.
A weakness in the Windows Metafile (WMF) graphics format can enable attackers to execute malicious programs on home computers, warns the German Federal Agency for Security in Information Technology (BSI).
Merely previewing an infected image file in an email attachment or the display of a corresponding file on a website is enough to infect the PC, the BSI reports from Bonn.
The WMF format was developed to facilitate the exchange of graphics between various programs. It allows executable program code to be stored in a document's meta-information and then transferred to the recipient.
A weakness in the WMF rendering engine allows attackers to execute any code they want, embedded in WMF files, with the rights of the user on the affected machine, the BSI reports. This weakness can be exploited using "Enhanced Metafile" (EMF) files as well.
The security problem affects several Windows versions, including XP SP1, XP SP2, 2000 SP4, 98 and ME.
So far, the infected files have most commonly been delivered through emailed New Year's greeting cards or by surfing to booby-trapped Internet sites, the BSI notes. The weakness can also be used to download further malicious programs like "Trojan horses" onto the infected machine.
The infected machine can also be used to distribute intentionally misnamed WMF files, such as a WMF file that has been given a .jpg file name.
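A content check for the misnamed files described above, as an added example that is not part of the original report: it identifies WMF and EMF data by its header bytes instead of trusting the file name. The function names and the sample byte strings are constructed for illustration.

```python
import struct

METAFILE_EXTS = {"wmf", "emf"}  # extensions that openly announce a metafile

def sniff_metafile(data: bytes):
    """Return 'wmf', 'emf' or None, judging only by the leading bytes."""
    # Placeable WMF: a 22-byte prefix that starts with the magic 0x9AC6CDD7.
    if len(data) >= 4 and struct.unpack_from("<I", data)[0] == 0x9AC6CDD7:
        return "wmf"
    # Standard WMF header: type (1 = memory, 2 = disk), header size of
    # 9 words, version 0x0100 or 0x0300.
    if len(data) >= 6:
        ftype, hsize, version = struct.unpack_from("<HHH", data)
        if ftype in (1, 2) and hsize == 9 and version in (0x0100, 0x0300):
            return "wmf"
    # EMF: first record is the header record (type 1), with the
    # signature " EMF" at byte offset 40.
    if (len(data) >= 44 and struct.unpack_from("<I", data)[0] == 1
            and data[40:44] == b" EMF"):
        return "emf"
    return None

def is_disguised_metafile(filename: str, data: bytes) -> bool:
    """True when the content is a metafile but the extension says otherwise."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return sniff_metafile(data) is not None and ext not in METAFILE_EXTS

def flag_disguised(files: dict) -> list:
    """Names of all files whose extension hides metafile content."""
    return sorted(n for n, d in files.items() if is_disguised_metafile(n, d))

# Constructed sample headers for the demonstration (not real files).
SAMPLES = {
    "card.jpg": struct.pack("<HHH", 1, 9, 0x0300) + bytes(12),   # plain WMF
    "greeting.gif": struct.pack("<I", 0x9AC6CDD7) + bytes(18),   # placeable WMF
    "logo.png": struct.pack("<II", 1, 88) + bytes(32) + b" EMF", # EMF
    "chart.wmf": struct.pack("<HHH", 1, 9, 0x0300) + bytes(12),  # honest WMF
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",            # real JPEG start
}

if __name__ == "__main__":
    for name in flag_disguised(SAMPLES):
        print("metafile content behind non-metafile name:", name)
```

A mail or web gateway can apply the same check to attachments and downloads before they reach a vulnerable viewer.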
Users of Microsoft's Internet Explorer browser can be automatically infected by the malicious programs by visiting a Website designed to exploit the security gap, the BSI warns. Users of the Firefox browser can also be affected if they allow the execution of the corresponding WMF file when the browser asks for permission.
Microsoft has begun rolling out a patch for the problem through its Windows Update Website. As a preliminary measure, the experts recommend deregistering the "Windows Picture and Fax Viewer" in the operating system.
This prevents the viewer from executing files that are linked with this function. Users of the Firefox browser should review the settings under Options/Downloads to ensure that the browser has not been configured to automatically display WMF files.
IT expert Gunther Ennen also recommends keeping virus programs up to date.
"The exploits are recognized by current anti-virus programs," Ennen says. The most drastic measure would be to forbid the browser to display any image files. "Yet at that point surfing doesn't make much sense," he adds.