Advertisement
Promo

Security threats Toolkit

In association with Network Liberation Movement

Talkback

Post a comment


Story: Firms urged to use unauthorised Windows patch

  • Previous comment

Posted by: John Doh (Wednesday 4 January 2006, 10:54 PM)

  • Reply

John L.

>After installing it and following all instructions
>regarding unregistering a dll. etc I found that I could
>no longer access ANY of my jpegs.

This is by design, this is what the Microsoft part of the workaround is actually supposed to do.

I draw your attention to the penultimate paragraph of the article you are replying to:

>Security experts say the WMF exploit is potentially
>very dangerous as conventional antivirus
>software and IDS signatures do not recognise the
>malicious code in email spam, as the exploit is
>sent in seemingly normal JPEG, GIF, or Bitmap
>files.

This means that untill either Microsoft release a patch, or the exploit is foiled, any graphical image format supported by the dll you just unregistered is potentially a virus risk.

Any image file, any you view with a web browser, or recieve through the mail. Including those spam images you didn't ask for, are all potential plague rats.

That's how big this problem has the potential of being.

This page:
http://isc.sans.org/diary.php

Is advising Organisations to think about disconnecting from the internet. Switching off all web and email traffic. This has the potential to be a lot more serious that not being able to view a few jpegs.

  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

More In Security threats


Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Sentry Posts Blog

Motorola Droid Drops Today: Happy Droi...

Motorola Droid Drops Today: Happy Droid Day America! Author: Eric Everson, Mobile Security Expert If you’re wondering what all of the buzz is about with words like Droid and Android... More

Post a comment

Mobile Security Profile: BlackBerry St...

Mobile Security Profile: BlackBerry Storm2 Author: Eric Everson BlackBerry handsets are a staple of office culture; from syncing calendars to sharing business-related data,... More

Post a comment

South Korea plans to fingerprint visit...

The South Korean authorities could fingerprint and photograph foreign visitors from 2012, the Korea Times reported on Tuesday. Barring diplomats and government operatives, all visitors... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters