
Thread: New Windows Exploit found, please read this and take appropriate precautions.

  1. #1

    New Windows Exploit found, please read this and take appropriate precautions.

    Quote Originally Posted by http:/www.securityfocus.com
    Windows 0-day exploit found on Web
    Published: 2005-12-28

    A previously unknown vulnerability in the Microsoft Windows graphics rendering engine is being exploited by several malicious Web sites to infect visitors' systems, security experts said on Wednesday.

    The vulnerability can be triggered remotely and gives the attacker full system privileges, according to technical descriptions of the issue. However, in a security bulletin released late Wednesday, Microsoft maintained that only local user privileges could be gained through the vulnerability. In the last 24 hours, three different Windows Meta Files (WMFs) have been detected trying to use the vulnerability to spread, according to antivirus firm F-Secure.

    "Do note that it's really easy to get burned by this exploit if you're analyzing it under Windows," Mikko Hyppönen, chief research officer for F-Secure said in a blog posting. "All you need to do is to access an infected web site with IE (Internet Explorer) or view a folder with infected files with the Windows Explorer."

    Increasingly, security and software companies are worried about vulnerabilities that are exploited without any previous warning. Called zero-day exploits, the attacks can compromise systems before software makers issue patches to fix a security issue. Last month, a security researcher attempted to sell a previously unknown vulnerability in Microsoft Excel on eBay. Several companies have marketed defenses against zero-day exploits and Microsoft has created a network of automated Windows systems, known as honeymonkeys, that browse the Web to find malicious code targeted at Internet Explorer.

    Google Desktop users have to be particularly careful as the search giant's software indexes any downloaded image file, an action that will cause the exploit to immediately execute, according to security researchers. A Microsoft spokesperson said the company is currently investigating the reports.
    This primarily affects any website where users can submit their own images... yes, even these forums. Myspace, Wikipedia and eBay are also vulnerable. ALL Windows users stand a chance of being infected and at this time the best course of action is to use FireFox since it prompts you before the file downloads and executes itself. Microsoft claim that a fix will be released on the 10th of January, so in the meantime be vigilant. All it takes is a dodgy 1x1 pixel image on a webpage or email and you're infected. If you have the file in your cache, DO NOT try to delete it. Even highlighting the filename in Windows Explorer can be fatal. I just wanted to give everyone here a heads up since it really is a nasty piece of work and any Windows user stands a chance of being infected.

    EDIT: More information here, and there's also an unofficial patch available. It's been verified by multiple websites, but as always use at your own risk.

    EDIT 2: ...And here's what Microsoft have to say about the situation.
    Last edited by Cosmic; 4th-January-2006 at 19:04.

  2. #2
    Mikey_ Guest

    wow. that's kinda scary. i noticed how they kept saying IE and not just, 'your browser'. thank goodness i don't use IE lol

  3. #3

    Rep the guy, guys.

    I'm currently downloading FireFox and checking out some plugins and extensions.

    *wooosh*

    EDIT: Would someone sticky this? For some time, at least.
    Last edited by Evans; 4th-January-2006 at 19:19.

  4. #4
    Mikey_ Guest

    i just repped him. good move evans. definitely use FF. and whatever cheezy says do not use opera *trips evans while he wooshes*

    Edit: i was about to sticky it. how the hell do i get the thread ID?

  5. #5

    Thanks for the rep, guys. I've now stuck this thread...

  6. #6

    That's what you get when visiting pr0n sites.
    It's funny to see a bunch of people crying. Why didn't Microsoft make a patch yet? Why wasn't this issue patched before the exploit was found?
    God damn, that's just not how it works dumdums!

    pivx_ got that prog which patches certain unpatched holes in IE and other common Windows programs, interesting.
    http://www.pivx.com/HomeOffice/
    Quote Originally Posted by pivx_
    Start protecting your computer today against "zero-day" cyber attacks and feel secure online.
    Edit: If I remember correctly, PandaMan posted something about the WMF flaw not long ago in the hangout. Only disabling the image preview in WinXP does the trick apparently, but I'm using that app to view most of my images.
    Last edited by polobunny; 4th-January-2006 at 20:04.

  7. #7

    Quote Originally Posted by Mikey
    i just repped him. good move evans. definitely use FF. and whatever cheezy says do not use opera *trips evans while he wooshes*

    Edit: i was about to sticky it. how the hell do i get the thread ID?
    What's wrong with Opera? It is much better than Firefox in my opinion. I hate the stupid get firefox spam I see everywhere nowadays, it pisses me off.

  8. #8

    I got an email about this from the head office today at work, since we use Internet Explorer in our everyday dealings. My first thought? Who the fuck cares.

  9. #9

    Linux for the win.

  10. #10

    I've been switching between FireFox and IE for the past 6 months.
    So this new Exploit means nothing can stop this virus, right? Let's see how long I can use IE.

    Oh btw, how come FireFox doesn't get infected by the website with "dodgy" pixels? If just taking a look at a website causes you to get the virus, what can FireFox do to protect you?
    Last edited by Kazuya; 5th-January-2006 at 03:50.
    As long as you got the power and the pad, you'll get the womens.

    Listen to the Mission


  11. #11

    Quote Originally Posted by Rep box
    You must spread some Reputation around before giving it to Mikey again.
    ass.

  12. #12

    Quote Originally Posted by Kazuya
    Oh btw, how come FireFox doesn't get infected by the website with "dodgy" pixels? If just taking a look at a website causes you to get the virus, what can FireFox do to protect you?
    Quote Originally Posted by Cosmic
    ALL Windows users stand a chance of being infected and at this time the best course of action is to use FireFox since it prompts you before the file downloads and executes itself.
    That.

  13. #13

    Okay, so getting a prompt before downloads helps.
    You mean, the website automatically forces a download?
    Or is it any download, like one you might want.

  14. #14

    Quote Originally Posted by Kazuya
    Okay, so getting a prompt before downloads helps.
    You mean, the website automatically forces a download?
    Or is it any download, like one you might want.
    Not to mention it's a M$ coding flaw, right? IE was made by MS, FF was not.

  15. #15

    It's not a common download, it's a windows metafile.
    Go there to learn more about this type of file and how it "executes code" by default behavior.
    http://www.skynet.ie/~caolan/publink/libwmf/libwmf/doc/

    Simply previewing a WMF as a thumbnail under Windows Explorer will trigger it and infect you, that's why it is so dangerous.

About Us

We are the oldest retro gaming forum on the internet. The goal of our community is the complete preservation of all retro video games. Started in 2001 as EmuParadise Forums, our community has grown over the past 18 years into one of the biggest gaming platforms on the internet.
