(OT) Windows zero day nightmare exploited

29/12/2005 - 14:22 por ISTBOLI | Informe spam

Aaargh! Updated No fix for Windows XP SP2

By INQUIRER staff: miércoles 28 diciembre 2005, 12:11

F-SECURE, Bugtraq and a number of other security aware outfits have warned
of a zero day vulnerability that's being actively exploited as we write.
Fully patched Windows XP SP2 machines are vulnerable and there's no known
fix as yet.

A number of trojans are being distributed using the vulnerability, related
to Windows' image rendering.

Have a look, for example, at the F-Secure site, here, for more information.

F-Secure says you can get blatted if you visit a site with an image file
containing the exploit. IE users may automatically be infected. Firefox
users can get infected if the image file is downloaded. There's more solid
advice at F-Secure. We await a patch from Microsoft. µ

See Also
Microsoft zero day WMF pulls in Mikhail Gorbachev

* UPDATE Ken Dunham, director at iDefense, said the zero day WMF
exploitation threat affecting fully patched versions of XP and Windows 2003
Web Server is underway. It has been exploited by multiple sites and added to
the infamous Meetasploit tools. Attacks in the last 12 hours, said Dunham,
have been minor. But systems so far attacked have shown clear signs of
infection. He warned further attacks were likely.

There is no solid workaround against emerging WMF exploits. Locking down WMF
files on the gateway and building network detection signatures may mitigate
known threats. The impact of attacks may also increase.

Eduardo Valls

begin 666 adlog.php?bannerid!5&campaignid2&zoneid$&source=&block=0&capping=0&session_capping=0&cb=1ab2f68fee
K1TE&.#EA`0`!`( ``/___P```"'Y! ``````+ `````!``$```("1 $`.P``
`
end

avast! Antivirus: Mensaje saliente limpio.
Base de datos de Virus (VPS): 0552-1, 28/12/2005
Comprobado el: 29/12/2005 14:23:01
avast! - copyright (c) 1988-2005 ALWIL Software.
http://www.avast.com

Siga el debate

2 respuestas

Tengo una respuesta

DRAGON AGE™: INQUISITION – Matadragones

Leer las respuestas

#1 oR

29/12/2005 - 15:44 | Informe spam

Y tambien,
http://www.vsantivirus.com/28-12-05.htm
http://www.vsantivirus.com/vul-wind...281205.htm

Estamos mal a la proxima con solo leer texto se nos meten los bichos :(
oR escuchando a (Eddy Grant - Electric Avenue [1983]) en (S K Y . F M - Best of the 80s - hear your classic favorites and relive those retro 80s!) usando Screamer Radio v0.3.7

ISTBOLI tipeo:
|| Aaargh! Updated No fix for Windows XP SP2
||
|| By INQUIRER staff: miércoles 28 diciembre 2005, 12:11
||
|| F-SECURE, Bugtraq and a number of other security aware outfits have
|| warned of a zero day vulnerability that's being actively exploited
|| as we write. Fully patched Windows XP SP2 machines are vulnerable
|| and there's no known fix as yet.
||
|| A number of trojans are being distributed using the vulnerability,
|| related to Windows' image rendering.
||
|| Have a look, for example, at the F-Secure site, here, for more
|| information.
||
|| F-Secure says you can get blatted if you visit a site with an image
|| file containing the exploit. IE users may automatically be infected.
|| Firefox users can get infected if the image file is downloaded.
|| There's more solid advice at F-Secure. We await a patch from
|| Microsoft. µ
||
|| See Also
|| Microsoft zero day WMF pulls in Mikhail Gorbachev
||
|| * UPDATE Ken Dunham, director at iDefense, said the zero day WMF
|| exploitation threat affecting fully patched versions of XP and
|| Windows 2003 Web Server is underway. It has been exploited by
|| multiple sites and added to the infamous Meetasploit tools. Attacks
|| in the last 12 hours, said Dunham, have been minor. But systems so
|| far attacked have shown clear signs of infection. He warned further
|| attacks were likely.
||
|| There is no solid workaround against emerging WMF exploits. Locking
|| down WMF files on the gateway and building network detection
|| signatures may mitigate known threats. The impact of attacks may
|| also increase.
||
|| Eduardo Valls
||
||
||
|
|
|
||
||
||
||
|| avast! Antivirus: Mensaje saliente limpio.
|| Base de datos de Virus (VPS): 0552-1, 28/12/2005
|| Comprobado el: 29/12/2005 14:23:01
|| avast! - copyright (c) 1988-2005 ALWIL Software.
|| http://www.avast.com

Leer las otras respuestas

Preguntas similares

Busqueda sugerida :