Windows WMF vulnerability + (update link)


offline
  • SSpin 
  • Forum contributor
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

Quote: @SSpin I don't know how it didn't work for you?????

Oh, it did work for me; once you gave me the link it works now, I put it nicely ;)

Quote: Ok, this works, thanks



offline
  • SINGI
  • Joined: 22 Aug 2003
  • Posts: 787
  • Location: Beograd

Here are some of Microsoft's answers to the most frequently asked questions about this problem:


1. Is this a security vulnerability that requires Microsoft to issue a security update?
We are currently investigating the issue to determine the appropriate course of action for customers. We will include the fix for this issue in an upcoming security bulletin.


2. What is the Windows Metafile (WMF) image format?
A Windows Metafile (WMF) image is a 16-bit metafile format that can contain both vector information and bitmap information. It is optimized for the Windows operating system.


3. What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system. In a Web-based attack scenario, an attacker would host a Web site that exploits this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.

4. How could an attacker exploit the vulnerability?
An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site.

5. I am reading e-mail in plain text, does this help mitigate the vulnerability?
Yes. Reading e-mail in plain text does mitigate this vulnerability where the e-mail vector is concerned although clicking on a link would still put users at risk.

Note In Windows Server 2003, Microsoft Outlook Express uses plain text for reading and sending messages by default. When replying to an e-mail message that is sent in another format, the response is formatted in plain text.

6. I have DEP enabled on my system, does this help mitigate the vulnerability?
Software based DEP does not mitigate the vulnerability. However, Hardware based DEP may work when enabled: please consult with your hardware manufacturer for more information on how to enable this and whether it can provide mitigation.

7. If I block .wmf files by extension, can this protect me against attempts to exploit this vulnerability?
No. Because the Graphics Rendering Engine determines file type by means other than just looking at the file extensions, it is possible for WMF files with changed extensions to still be rendered in a way that could exploit the vulnerability.

8. It has been reported that malicious files indexed by MSN Desktop Search could lead to exploitation of the vulnerability. Is this true?
We have received reports and are investigating them thoroughly as part of our ongoing investigation. We are not aware at this time of issues around the MSN Desktop Indexer, but we are continuing to investigate.

9. Is this issue related to Microsoft Security Bulletin MS05-053 - Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution (896424) which was released in November?
No, these are different and separate issues.


10. Will my anti-virus software protect me from exploitation of this vulnerability?

As currently known attacks can change, the level of protection offered by anti-virus vendors at any time may vary. Customers are advised to contact their preferred anti-virus vendor with any questions they may have or to confirm additional information regarding their vendor’s method of protection against exploitation of this vulnerability.

11. When this security advisory was issued, had Microsoft received any reports that this vulnerability was being exploited?
Yes. When the security advisory was released, Microsoft had received information that this vulnerability was being actively exploited.



offline
  • Joined: 11 Sep 2005
  • Posts: 1282
  • Location: Same place as before

Why should I care what Windows writes about their problems; this is a job for KAV, which got it done, and "microsoft", which is full of holes, can sort that out in its own house. Kaspersky reacted immediately, which is the whole point; everything else is irrelevant!!!
Go ahead make my day

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

That exploit has been used on the following links, so avoid the following links and domains:


Btw, 1.48% of computers have already been hit by this exploit.

Temporary workaround:

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click ok when the change dialog appears.

Note: if you apply the workaround above, your Windows also loses support for JPG files.

To revert to the previous state:
regsvr32 shimgvw.dll

One of the developers working on the IDA disassembler has also published an unofficial patch for WinXP SP2 that disables this exploit without removing your image support:
http://www.hexblog.com/2005/12/wmf_vuln.html

Source:
http://www.betanews.com/article/MS_Confirms_WMF_Flaw_Variants_Spread/1135888538

offline
  • Joined: 11 Sep 2005
  • Posts: 1282
  • Location: Same place as before

@bobby well, I'm the one who found that one, since my computer is online 24h, but after this update I also got rid of it, because I was just downloading some pictures and it's well known that all sorts of nasties are most often picked up through pictures, and then I went the same route again but without problems. But thanks for the notice, for the sake of the other KAV users so they don't worry; they just need to apply that patch.

offline
  • SSpin 
  • Forum contributor
  • Joined: 09 Dec 2004
  • Posts: 6488
  • Location: Nis -> ***Durlan City***

@Bobby

Quote: Temporary workaround:

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click ok when the change dialog appears.


Is it necessary to do this even though I have already downloaded the patch for KAV and run the update?
Is it advisable to install the patch from the site you posted, http://www.hexblog.com/2005/12/wmf_vuln.html, in addition to the already installed patch for KAV?

offline
  • SINGI
  • Joined: 22 Aug 2003
  • Posts: 787
  • Location: Beograd

bobby ::

Temporary workaround:

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click ok when the change dialog appears.

Note: if you apply the workaround above, your Windows also loses support for JPG files.



And not only for JPG; this will also happen:

The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.

offline
  • Joined: 11 Sep 2005
  • Posts: 1282
  • Location: Same place as before

@SSpin you don't have to install that if you downloaded the patch, for sure!!! Regards...

Addendum: 31 Dec 2005 19:33

KAV Distributer ::bobby ::

Temporary workaround:

1. Click on the Start button on the taskbar.
2. Click on Run...
3. Type "regsvr32 /u shimgvw.dll" to disable.
4. Click ok when the change dialog appears.

Note: if you apply the workaround above, your Windows also loses support for JPG files.



And not only for JPG; this will also happen:

The Windows Picture and Fax Viewer will no longer be started when users click on a link to an image type that is associated with the Windows Picture and Fax Viewer.


For which JPG files? If you have ACDSee, what do I need Fax Viewer for then? Let's not talk here about things from Windoze that hardly anyone uses???

offline
  • SVITAC 
  • Legendary citizen
  • Joined: 28 Apr 2003
  • Posts: 5919
  • Location: Beograd

Has anyone noticed other applications stalling during scanning ..
after installing the patch for KAV?

offline
  • Joined: 11 Sep 2005
  • Posts: 1282
  • Location: Same place as before

No, SVITAC, I haven't noticed any changes on either of my 2 computers
