Yeh, only applies to ALL WINDOWS USERS!!!
Steve Gibson (developer of Spinrite) has perhaps the best material on the Windows Metafile security flaw and what to do about it NOW. Just CLICK on over and follow directions. He even posts a link to a patch (for Win2000, XP/SP2 and 2003 systems only) developed by a NON-Micro$oft software engineer that Steve recommends highly. Steve also posts a workaround for older Windows OS systems and a vulnerability test. See more info at Ilfak Guilfanov's site.
I take Steve Gibson's word to be extremely reliable on this issue.
Do NOT rely on your anti-virus to catch this, folks. The hooks into the OS are too deep for that to be a reliable solution. DO take this as a serious security warning.
Further update (for those who are not yet inclined to CLICK through to the links above). From the highly-respected anti-virus/security firm F-Secure, this:
1) There are probably other vulnerable functions in WMF files in addition to SetAbortProc
2) This bug seems to affect all versions of Windows, starting from Windows 3.0 - shipped in 1990!
"The WMF vulnerability" probably affects more computers than any other security vulnerability, ever.
Don't say you weren't warned.
PSA Pinned to Conservative Cat's Bulletin Board with a link to Ferdy's predictions for 2006... uhm, 2005. heh |