4 January 2006
Microsoft WMF vulnerability exploited in over 200 different attacks
Microsoft flaw allows WMF graphic files to run malicious code
Updated 5 January 2006 to include information about fix from Microsoft
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have reported analysing over 200 different attacks exploiting a serious Microsoft security hole in the way Windows computers handle WMF graphic files.
In late December 2005, Microsoft confirmed details of the vulnerability, which can allow remote hackers to install and run malicious code on Windows computers. Sophos, which on 29 December automatically updated customers with the ability to detect malware using the exploit, has already seen hackers use over 200 different methods to attack computers in this way.
"Microsoft originally said it would release a fix for the problem as part of its regular patch cycle on Tuesday 10 January. The reason for the delay was explained by the software giant as being because it needed more time to properly test the patch to ensure it didn't cause unanticipated problems," said Graham Cluley, senior technology consultant for Sophos. "We have seen over 200 differently crafted attempts to infect computers using the WMF exploit, but as yet none are believed to be widespread. Companies would be sensible to ensure their anti-virus and anti-spam software is automatically updating itself to provide a higher level of protection for their users."
Security researcher Ilfak Guilfanov set up a website which contains an unofficial patch for the problem, for computer users who did not wish to wait for Microsoft to release its fix.
"In our testing we have found no problems with Guilfanov's fix for Microsoft's WMF vulnerability, and it does prevent the exploits from working," continued Cluley. "However, companies will now be able to use the official patch from Microsoft rather than rely upon a third party security patch."
Sophos recommends companies protect their email with a consolidated solution to thwart the virus and spam threats and secure their desktops and servers with automatically updated anti-virus protection, the latest security patches, and properly configured firewalls.
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com

