
Posted: Tue Jan 03, 2006 11:48 am
by robc
xyzzy: sure, running a browser (and any application that accesses the net and renders HTML, like a mail client) in a low-privileged context is one of the most important security precautions, and I'm afraid it's not "a lot" of people not doing that, but "most" :-( I, for one, spending a lot of time running development environments which need administrative rights, use the DropMyRights utility with browsers and mail client.

Posted: Tue Jan 03, 2006 6:03 pm
by robc

Posted: Tue Jan 03, 2006 7:25 pm
by XnTriq

Posted: Tue Jan 03, 2006 9:23 pm
by KRH
The only viewer on my Win98 computer capable of opening wmf files is XnView. If I change the extension to .jpg, I get an error message stating that the file type cannot be determined if I try to open it in XnView. Shouldn't that make me feel pretty safe about an infectious wmf file disguising itself with a bogus extension? (I'm already somewhat protected from online infection by the fact that my Firefox browser will ask confirmation for opening a wmf file and, even if permission is granted, will try unsuccessfully to open it with Windows Media Player.)

Posted: Wed Jan 04, 2006 2:00 am
by Guest
Xyzzy wrote:robc:
I think also that a LOT of people miss one point from MS advisory- using restricted user account to mitigate threat. As exploit is executed in user context, it can't really do much harm on restricted account because of inability to infect whole system- just one account.
I was the previous "be very afraid" 'guest'. I have never missed that point. We run almost all of our over 100 desktops as restricted user but that does not completely prevent potential havoc. A simple scenario: systems don't get permanently infected but run some crap while the user is still logged in. This can range from some simple infection attempts by multiple means, to spewing spam for hours, to trying to nuke any files on the network that that user has rights to. Suffice to say all desktops are now patched and unregistered. It just makes sense even if no uber exploit appears.

Posted: Wed Jan 04, 2006 8:20 am
by Xyzzy
One piece of good news: most antivirus software seems to have caught up.

X.

Posted: Thu Jan 05, 2006 9:10 pm
by ckv
Microsoft is going to release today the update that will fix the WMF vulnerability on XP, 2003 and 2000 (sp4) systems.

Source:
http://www.f-secure.com/weblog/#00000771

Also remember to first uninstall the unofficial patch (if you have installed it) before installing the official patch.

Posted: Sat Jan 07, 2006 3:20 am
by XnTriq
KRH:
Steve Gibson (Security Now! Notes for Episode #21, http://www.grc.com/sn/notes-021.htm) wrote: Microsoft is not fixing Windows 98/ME . . . so GRC will.


Microsoft has now “reclassified” the WMF vulnerability in Windows 95, 98, and ME as non-critical (instead of just fixing it!). This means that it will probably NOT be updated and patched to eliminate the WMF handling vulnerability that those older versions of Windows apparently still have. (This vulnerability still needs to be confirmed.)

So, if Microsoft does not produce an update to repair those older versions of Windows, GRC will make one available.

Posted: Sat Jan 07, 2006 7:44 am
by KRH
Yes, thank you, XnTriq, I have seen that. There are already a few other fixes for Win98 posted at other sites (like this one) but I trust Steve Gibson and I'll wait for whatever he recommends. Actually, with all the research I've done, I'm not very concerned about the "vulnerability" in Win98, but it will be nice to just install a fix and be done with it.

Posted: Sat Jan 07, 2006 7:46 am
by ckit
Now that Microsoft has issued a patch for the WMF issue this thread should be closed.
There are alternatives for Win98 users, just use Google.

Posted: Sun Jan 08, 2006 9:15 pm
by KRH
ckit wrote:Now that Microsoft has issued a patch for the WMF issue this thread should be closed.
There are alternatives for Win98 users, just use Google.
As my last post indicates, I actually am quite done with the topic; but to be honest and with all due respect, I find your post somewhat disrespectful. The MS patch does nothing for Win9x users. XnView is at least theoretically a potential avenue of infection and any ongoing developments are of concern to users of Win9x and XnView. In spite of your objections, I would hope that any helpful news regarding the issue would be posted here. "Google it" could have been said about anybody's concerns at any point in this thread.

Posted: Sun Jan 08, 2006 10:26 pm
by ckit
If there is a problem in XnView with WMF files then Pierre will fix it in due course.
This thread no longer serves any purpose.

Posted: Sun Jan 08, 2006 10:34 pm
by KRH
ckit wrote:If there is a problem in XnView with WMF files then Pierre will fix it in due course.
Again, that could have been said at any point in this thread. It's not a valid response to current concerns for some people other than yourself. I won't say anything further.