Well, as Bill Gates showcases the new Windows Vista OS, yet another weakness in all previous Windows systems has come to light. This time it's in the form of an attack using internet image files, especially WMF images. I heard that McAfee issued some sort of press release saying that about 6% of its customers had already been infected - and that's really bad, considering that McAfee is one of the leading antivirus program companies.

Anyway, is this anything to worry about? Microsoft says it hopes to release a patch for the problem by the 10th, so that should hopefully plug up the leak, but is this as big of a problem as some sites are making it sound? Just wondering about your opinions.

Some information on the vulnerability and the patch(es) can be found here (http://www.gcn.com/vol1_no1/daily-updates/37859-1.html).


EDIT: Actually, I didn't read that article closely enough; apparently the problems only extend to Windows XP with service packs 1 and 2 and Win 2003 with service pack 1. My bad.

(Dang, my college got really panicky over this one... >_>)

They can be any image files on the Internet infected with a virus. Of course if you find an infected image using Internet Explorer you'll be doomed straight away whereas Firefox asks if you want to run some scripts or something while looking at an image so just decline.

No firefox wont even read it as if the scripts existed if my knowledge is correct. Along with Opera and all being immune probably too. If my theory is correct anyways. Plus mcAffees is as bad as a virus itself. It's a pathetic excuse for a virus program. Same for norton.

Okay, thanks. That's very helpful, considering I use Firefox. And in regards to virus programs, I use a cluster of unusual ones. Norton's worthless, and I guess McAfee's worse. But that's to be expected; after all, leading the industry essentially puts a target on the backs of antivirus companies.

I appreciate the clarifications!

All versions of Windows since Win98 are vulnerable. Firefox users are still vulnerable if they have caching turned on (and 100% of everyone does), because the image is still stored on the hard drive and as soon as you access it, oops you're boned.

You're not automatically invulnerable to everything just because you use an alternative browser. The best Firefox users are the ones who recognise Firefox's weaknesses.

Microsoft have released a patch for this. Get it through Windows Update.

I thought IE was the only browser that actually was compatible with wmf images though. Although it was a rough recall from my memory when I studied images.

Are you sure that Microsoft's released a patch? I remember that there was a third-party patch, and that Microsoft hoped to have one ready by the 10th, but I don't see one available through Windows Update right now. The only thing available is the "Microsoft .NET Framework 1.1 Service Pack 1". And that doesn't really sound like the patch in question, from what I can tell. Maybe I'm just growing ever-more computer illiterate, though... :P

Are you sure that Microsoft's released a patch? I remember that there was a third-party patch, and that Microsoft hoped to have one ready by the 10th, but I don't see one available through Windows Update right now.


Maybe it isn't. My mistake. It doesn't make sense why it's not there though. Either way, you can get it from this security bulletin instead: http://www.microsoft.com/technet/security/Bulletin/MS06-001.mspx

edit: I'm informed by numerous reputable sources that there is indeed a high priority fix for this in Windows Update, and it's also automatically installed through Automatic Updates so you might not have noticed it being installed.

http://img498.imageshack.us/img498/8553/wmfexploit2rq.png



I thought IE was the only browser that actually was compatible with wmf images though. Although it was a rough recall from my memory when I studied images.


WMF images are nothing to do with Internet Explorer. WMF is a Microsoft-produced vector graphics format that is used most often (although not exclusively) for Microsoft Office clip art.

Ok thanks for clearing that as it's been along time since I looked up on images. So am I right in saying Microsoft office uses the WMF format for embedding images into the documents it produces. Does that mean this problem is most common in sites produced in such programs as word and publisher?

Thank you. I appreciate the help. I assume that it must've installed itself during an automatic update, because I still don't see that particular item on the update list. That'll bring me a little peace of mind, especially considering how often there are images on this board in avatars, signatures, and within the posts themselves. Thanks again!

So am I right in saying Microsoft office uses the WMF format for embedding images into the documents it produces.


No, a large proportion of Microsoft Office programs use either bitmaps or the original file type for embedding images.



Does that mean this problem is most common in sites produced in such programs as word and publisher?


No, only specially-crafted WMF files contain the exploit. Web sites built using Word or Publisher would only carry the exploit if their authors embedded a specially-crafted WMF file in a page of the site. Speaking of which, any webmaster who uses Word or Publisher to create a web site should be immediately sterilised.

I know what you mean. I saw a small web page that was extremely small and consisted of a nav bar at the side and two paragraphs of text. It's source code was over 20,000 lines long because of M$ publisher. Meaning it's total file size was about 830kb. I bet that person has some serious bandwidth problems.