computerwoche.de

Archiv

What you need to know about the WMF vulnerability

09.01.2006
IT staffers in the past week have been working to fend off attacks related to the recently disclosed Windows Metafile (WMF) vulnerability. With third-party patches already available, Microsoft released the official patch last Thursday, ahead of its original plan of issuing it on Tuesday, which is when it will release its monthly set of security patches and updates.

Computerworld Security channel editor Angela Gunn has put together an extensive FAQ on the vulnerability, how it works, what systems are affected and what you can do about it.

The problem

What's the fuss about? A major security hole involving WMF files. Exploits targeting the hole can use WMF files to run malicious code on a target machine -- infecting it with spyware, stealing data or recruiting it into a zombie network. The problem has existed for years, but its discovery was publicly announced in late December 2005.

Which versions of Windows are vulnerable? Microsoft stated that the vulnerability applies to all versions of Windows from 98 onward, though, practically speaking, only XP and Server 2003 installations are likely to have problems. Secunia confirmed the following systems to be at risk: Microsoft XP Pro, Microsoft XP Home, Microsoft Windows Server 2003 Datacenter Edition, Microsoft Windows Server 2003 Enterprise Edition and Microsoft Windows Server 2003 Standard Edition.

Are Mac, Linux or Unix systems vulnerable? Very funny.