Advertisement
Promo

Security threats Toolkit

In association with HP

Talkback

Post a comment


Story: Firms urged to use unauthorised Windows patch

  • Previous comment

Posted by: John Doh (Wednesday 4 January 2006, 10:54 PM)

  • Reply

John L.

>After installing it and following all instructions
>regarding unregistering a dll. etc I found that I could
>no longer access ANY of my jpegs.

This is by design, this is what the Microsoft part of the workaround is actually supposed to do.

I draw your attention to the penultimate paragraph of the article you are replying to:

>Security experts say the WMF exploit is potentially
>very dangerous as conventional antivirus
>software and IDS signatures do not recognise the
>malicious code in email spam, as the exploit is
>sent in seemingly normal JPEG, GIF, or Bitmap
>files.

This means that untill either Microsoft release a patch, or the exploit is foiled, any graphical image format supported by the dll you just unregistered is potentially a virus risk.

Any image file, any you view with a web browser, or recieve through the mail. Including those spam images you didn't ask for, are all potential plague rats.

That's how big this problem has the potential of being.

This page:
http://isc.sans.org/diary.php

Is advising Organisations to think about disconnecting from the internet. Switching off all web and email traffic. This has the potential to be a lot more serious that not being able to view a few jpegs.

  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

More In Security threats


Related BlackBerry Resources

Protecting the BlackBerry Device Platform Against Malware

BlackBerry Devices with Bluetooth - Security Overview

BlackBerry Enterprise Server IT Policy

BlackBerry Enterprise Solution - Security Technical Overview

BlackBerry Enterprise Solution and RSA SecurID

CIO's Guide to Mobile Security

See All White Papers

Sentry Posts Blog

Civil liberties groups attack file-sha...

Civil liberties and digital rights organisations have strongly criticised Lord Mandelson's Digital Economy Bill. Liberty said in a position paper on Tuesday that the bill, part of... More

Post a comment

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters