There's an extremely critical Windows vulnerability that has surfaced over the last few days. It is a buffer overflow vulnerability in a DLL that handles rendering of images (Windows Meta File library), so simply viewing a malicious jpg could infect your machine. It's a zero-day exploit, and there are many malicious exploits already in the wild.
It's a nasty hole, according to security expert Steve Gibson in the Security NOW! podcast (ep. 20):
"It is able to install malware in people's computers just by visiting a website. In fact, the guys at F-Secure, while they were fetching a file in a DOS box, it infected their machine because they had Google's desktop search system going. And it turns out, when they fetched the file, Google's desktop system indexed it. And the process of indexing the file caused the exploit to run."
Steve has a great web page explaining the vulnerability, including directions on where to download a good patch:
http://www.grc.com/sn/notes-020.htm
You might also want to run Ilfak's WMF Vulnerability Checker (linked from Steve's page) before and after running the patch for that warm fuzzy feeling.
I've been using my Windows machine only for games and bittorrent, but after this, I think I might limit it only to games.
Steve Gibson and the ubiquitous Leo Laporte have a great weekly podcast covering practical computer security issues. Steve is really on top of things, and does a great job making complex security issues fairly easy to understand. While I'm not a security expert, I consider myself pretty knowledgeable on general security issues, and I still learn something new from each episode. Check it out on iTunes or from the Security Now! web site.
After e-eye announced this vulnerability this week - microsoft choose to address it!!!
Yet it is about 10 (count them) years old ...
But - it is not a new vulnerability - I can remember being shown an OLE/WMF hack being run inside MS-Word .. about 8 years ago.
Nuff Said ..
Posted by: drk | January 03, 2006 at 01:21 PM
This article is very well, thank you.
Posted by: michael jordan shoes | August 21, 2010 at 03:08 AM
This is a good subject to talk about. Sometimes I fav stuff like this on Redit. This article probably won’t do well with that crowd. I will be sure to submit something else though.
Posted by: Canada Goose UK | December 03, 2011 at 12:45 AM
Don't know what is wrong what is rite but i know that every one has there own point of view and same goes to this one
I agree completely with Ms. Malkin. Boo freaking hoo.
Posted by: Arcteryx Jackets | December 03, 2011 at 01:23 AM